Beware ‘invoice’ email scam to steal bank details

Online security experts are warning computer users to be very wary of emails that claim to contain invoices, even if they appear to be from a trusted source.

Fraudsters are sending out fake invoices that, when opened, infect computers with dangerous malicious software, known as “malware”, which gives them access to the information stored on it.

Financial Fraud Action UK has warned that sophisticated scammers are using the malware primarily to steal online banking details.

Self-employed, freelance and contract workers are particularly vulnerable because they may receive invoices regularly from a number of sources.

The email may appear as if it was sent by a well-known supplier or other trusted source. Fraudsters often try to mimic the email address of a legitimate supplier or a colleague or friend in a bid to trick the recipient into thinking the invoice is genuine.

The attached invoice will look like a standard document or spreadsheet, however to view the file you must enable a “macro”, which is a set of pre-programmed instructions for a computer. This macro installs the malware, which can infect an entire computer network. It logs your online banking details, along with other financial information, before sending it on to the criminals who then attempt to steal money from your accounts.

Financial Fraud Action UK’s top tips:

  • Be on the lookout for unexpected invoices or unusual payment requests.
  • Avoid enabling any macros on an untrusted document.
  • If you’re suspicious – don’t reply to the email but instead call your supplier on the number that you have on file to check the authenticity of the invoice.
  • Ensure you have the latest anti-virus and security updates installed on your computer and consider using high-level macro security settings in software applications.
  • Ensure strong firewalls are in place to help detect malware and prevent data leaving the network without permission.
  • Consider using a separate computer dedicated to making online payments to minimise security risks.

Image: Email scam by Shutterstock