Purchase Order No_18081994 - Fake Invoice PDFs with Spam URL Links


We have seen some fake purchase order emails today that have been modified to circumvent our latest advice on receiving bills by email. PDFs are the usual, preferred method, but they can also be used to send links to potentially hazardous material. So, to clear up any confusion:

Do not open links from questionable senders in any format!




From: De la Rosa, Samuel <[email protected]>

Sent: 30 August 2017 00:57

Subject: Purchase Order No_18081994

Attachments: Purchase Order No_18081994.pdf


Dear Sir/Madam,

We are pleased to place an order with you which you will find attached. Please confirm the receipt of this order by email and let us have your order acknowledgement.
Do not hesitate to contact us if there are any questions regarding this order.

Best regards,

De La Rosa, Samuel
Customer & Technical Service


The email contains a PDF:



Now the PDF includes a link to an external page:



There is no reason to send a PDF which contains this link - this is just to avoid detection of the link in the email. If you click on the link on a Windows PC using IE you receive a warning:



Firstly, remove the tick from this box - never trust any link from anything!!!

A PDF link can be as dangerous as any other link!!!


Now, do we recognise this domain? http://roarr.org. It is an .ORG domain in this case, but unless you recognise the domain, click BLOCK and send the email to JUNK.

If you decide to open this particular link, you will receive:



This has been reported to Microsoft as a dangerous domain - DO NOT OPEN!!!


If we continue, against all advice, we can see that it is an impersonation of DocuSign:



Always check the domain in the address bar at the top against what you are seeing - this is obviously a spam site trying to get your email address and password. CLOSE THIS PAGE AND DELETE THE EMAIL!!
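
Because the link sits inside the PDF rather than in the email body, a check on the receiving side has to look inside the attachment. The following is an added example, not part of the original post: it pulls link targets out of a PDF (including ones inside compressed streams) and flags any whose domain is not one you recognise. `KNOWN_DOMAINS`, the function names and the sample PDF are assumptions constructed for illustration.

```python
import re
import zlib
from urllib.parse import urlsplit

# Hypothetical allow-list: domains you already do business with.
KNOWN_DOMAINS = {"example.com"}

# A PDF link action looks like: /S /URI /URI (http://host/path)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.DOTALL)

def pdf_link_targets(data: bytes) -> list[str]:
    """Return every /URI target in the raw file and in its Flate streams.
    Simplification: hex-string URIs and encrypted PDFs are not handled."""
    chunks = [data]
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes left after the stream
            chunks.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # stream is not Flate-compressed (image data, other filters)
    urls = []
    for chunk in chunks:
        for m in URI_RE.finditer(chunk):
            raw = re.sub(rb"\\(.)", rb"\1", m.group(1))  # undo \( \) \\ escapes
            url = raw.decode("latin-1")
            if url not in urls:
                urls.append(url)
    return urls

def unknown_links(data: bytes) -> list[str]:
    """Links whose host is neither a known domain nor a subdomain of one."""
    flagged = []
    for url in pdf_link_targets(data):
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:
            host = ""  # malformed URL: treat as unknown
        if not any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS):
            flagged.append(url)
    return flagged

def sample_pdf() -> bytes:
    # Constructed sample: one link in plain sight, one inside a compressed stream.
    annot = b"<< /Type /Annot /Subtype /Link /A << /S /URI /URI (http://roarr.org) >> >>"
    hidden = zlib.compress(b"<< /S /URI /URI (https://portal.example.com/invoice) >>")
    return (b"%PDF-1.5\n1 0 obj\n" + annot + b"\nendobj\n2 0 obj\n<< /Filter /FlateDecode >>\n"
            b"stream\n" + hidden + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    print(unknown_links(sample_pdf()))
```

An invoice PDF that returns anything from `unknown_links` is a candidate for quarantine before it reaches the inbox.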

