We have seen some fake purchase order emails today that have been modified in order to circumvent our latest advice on receiving bills by email. PDFs are the usual, preferred method but they can also be used to send links to potentially hazardous material and so, to clear up any confusion:
From: De la Rosa, Samuel <[email protected]>
Sent: 30 August 2017 00:57
Subject: Purchase Order No_18081994
Attachments: Purchase Order No_18081994.pdf
We are pleased to place an order with you which you will find attached.Please confirm the receipt of this order by email and let us have your order acknowledgement.
Do not hesitate to contact us if there are any questions regarding this order.
De La Rosa,Samuel
Customer & Technical Service
The email contains a PDF:
Now the PDF includes a link to an external page:
There is no reason to send a PDF which contains this link - this is just to avoid detection of the link in the email. If you click on the link on a Windows PC using IE you receive a warning:
Firstly, remove the tick from this box - never trust any link from anything!!!
A PDF link can be as dangerous as any other link!!!
Now do we recognise this domain? http://roarr.org It is an .ORG domain in this case, but unless you recognise the domain, click BLOCK and send the email to JUNK
If you decide to open this particular link, you will receive:
This has been reported to Microsoft as a dangerous domain - DO NOT OPEN!!!
If we continue, against all advice, we can see that it is an impersonation of DocuSign:
Always check the domain in the address bar at the top against what you are seeing - this is obviously a spam site trying to get your email address and password CLOSE THIS PAGE AND DELETE THE EMAIL!!