Don’t Click That! How to Spot an Invoice Impersonation Attack (TechRepublic)


Workers are seeing a wave of phishing attacks that send victims a link to a fake invoice that appears to come from a trusted party, according to a new threat spotlight report from security firm Barracuda Networks.

These emails don’t usually appear to be out of the ordinary, and guide the recipient to click on a link to an invoice. The sender’s name is carefully chosen by the attackers to be someone the recipient knows and trusts.

If a victim clicks on the link, it typically begins downloading a doc. file for the supposed invoice. This is usually a malware download that could trigger ransomware, or steal the recipients’ credentials from the browser.

“As we continue to see these attempts grow in popularity, it’s important to be aware of the warning signs in the messages,” Lior Gavish, vice president of engineering and content security services at Barracuda Networks, wrote in the report.