Beware of fake e-mails with settlements and invoices. Do not open these messages

The Internet is full of “new” ways to extort personal data or login details to bank accounts. Experts warn against fake news

• “Payment deadline expires”,

• “Overdue payment”,

• “Quarterly settlement”,

• “Please pay the invoice”

This is how cybercriminals try to rob you

E-mail messages titled in this way travel every day between the e-mail boxes of hundreds of thousands of office workers throughout Poland. In December, at the end of the year, most such emails are sent.

Cybersecurity experts warn that this year we should pay special attention to this type of correspondence, because messages that look quite familiar at first glance and do not arouse suspicion may contain phishing malware that is simply trying to rob the recipient. .

The ideal time for this type of attacks is the Christmas and New Year’s chaos in many companies, when extortion attempts take place under the pretext of an unpaid invoice, final settlement or a request to complete additional documentation. Opening an unauthorized attachment may result in infecting company equipment with malware, such as a banking Trojan, which is ultimately intended to wipe the victim’s account.

Such a mistake can have tragic consequences

– These are usually quite simple phishing attacks, and their basic scenario does not change. The attacked user receives an e-mail with a disturbing title, suggesting the need for quick action, and its content is intended to make him click on a link, open an attachment, and even make a quick transfer. explains Kamil Sadkowski, an analyst of the ESET antivirus laboratory.

It turns out that the threat may even come from outside Poland, so especially corporate employees, but also ordinary Internet users, should be particularly sensitive to suspicious accents in telephone conversations or grammatical errors in text messages.

“Year by year, cybercriminals who use the end-of-fiscal-year motif are becoming more and more committed to making their messages credible. Even those attacking from abroad have more and more tools at their disposal, which translate the content better and better, thus enabling them to build a message with a high level of credibility.”

A cybercriminal may know who you are and where you work

Cybercriminals can be really smart. Attacks are often preceded by a kind of “environmental investigation”, which effectively makes attempts at extortion and financial fraud more likely.

– Attacks are also based on increasing knowledge of local realities – their authors invent very probable company names, names and surnames of false contractors, and make the appearance of false documents attached to e-mails similar to the originals. They often work meticulously on the graphic layer of e-mails so that they resemble business correspondence as closely as possible – explains Kamil Sadkowski.