Keno Kozie has recently noticed a new twist on an old phishing scam. The scam uses well-crafted email messages that appear to come from legitimate companies the recipient does business with. The email appears to contain a PDF attachment with information that needs to be confirmed for a payment, such as an outstanding invoice.
However, unlike older versions of this scam, the email does not actually include an attachment.
What appears to be the attachment is actually an image embedded in the HTML of the email, complete with the chevrons and other visual cues that imply you can expand the description to obtain more information about the “attachment” without actually opening it. Since it is all just an image, clicking anywhere on it takes you to a rogue website with a malicious payload.
By mimicking the clickable drop-down menu of a real attachment, scammers exploit a safety measure that many security-aware and savvy users rely on: checking an attachment's details before opening it.
Here is an example of what this scam may look like in your inbox:
To avoid falling for such phishing techniques, you should always be leery of emails that are impersonal, come from people you don’t know, do not address you by name, or seem out of place. If you receive fake emails like these, delete them immediately. Never click on links or open attachments in an email unless you are sure of the sender. Whenever you are unsure, call the sender at a number previously known to you (not one in the new email) for confirmation.
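For mail administrators, the trait described above (a clickable image standing in for an attachment, in a message that carries no real attachment) can be checked mechanically. The sketch below is an added example, not Keno Kozie's own tooling; the function names, the sample message and the `rogue.example` host are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkedImageFinder(HTMLParser):
    """Collects the href of every <a> element that wraps an <img>."""

    def __init__(self):
        super().__init__()
        self.open_hrefs = []     # hrefs of the <a> tags currently open
        self.linked_images = []  # hrefs of links that contain an image

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.open_hrefs.append(dict(attrs).get("href") or "")
        elif tag == "img" and self.open_hrefs and self.open_hrefs[-1]:
            self.linked_images.append(self.open_hrefs[-1])

    def handle_endtag(self, tag):
        if tag == "a" and self.open_hrefs:
            self.open_hrefs.pop()

def fake_attachment_links(raw: bytes) -> list:
    """Web links behind clickable images, in a message with no real attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    # A genuine attachment is a MIME part marked Content-Disposition: attachment.
    if any(part.is_attachment() for part in msg.walk()):
        return []
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    finder = LinkedImageFinder()
    finder.feed(body.get_content())
    return [h for h in finder.linked_images
            if urlparse(h).scheme in ("http", "https")]

def build_sample(with_pdf: bool) -> bytes:
    """Constructed test message; every address and host is a placeholder."""
    m = EmailMessage()
    m["From"], m["To"] = "billing@vendor.example", "user@firm.example"
    m["Subject"] = "Outstanding invoice"
    m.set_content("Please confirm the attached invoice.")
    m.add_alternative('<a href="https://rogue.example/view"><img alt="Invoice.pdf" '
                      'src="https://rogue.example/pdf-bar.png"></a>', subtype="html")
    if with_pdf:
        m.add_attachment(b"%PDF-1.4", maintype="application",
                         subtype="pdf", filename="Invoice.pdf")
    return m.as_bytes()
```

Linked images are common in legitimate mail, so a non-empty result is one signal to feed into scoring or manual review, not a verdict on its own.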
Keno Kozie is committed to keeping our clients safe and up to date on the latest news around computer safety and scams. If you believe you have been a target of this latest scam, feel free to give us a call at 312.332.3000.