
Fake eWAY invoice contains malicious macro attachments

10 Apr 2017

MailGuard has detected a new email malware scam that masquerades as an Australian online payments company.

The email contains a fake transaction confirmation from eWAY, an online payment company. The confirmation document contains a malicious macro that can download and run malware.

MailGuard states that the email was sent from estoreway.info, a newly registered domain very different to the genuine eway.com.au domain.

The scam persuades victims to open a Word attachment by stating that a purchase has been approved. 

The item will apparently be delivered to the address in the invoice/attachment. The attachment is password-protected to help it look legitimate; however, it contains a macro that downloads macro malware.

MailGuard states there are a few key giveaways that the otherwise genuine-looking email is a scam:

The subject line “Receipt of APPROVED order!!!” uses excessive exclamation marks and capital letters. Dodgy grammar means it’s probably not a reputable brand.

The domain name and sender address informdesk@estoreway.info should also be double checked and compared to the genuine eWAY email and domain.

The attackers also instruct victims to ‘enable editing’, which should also serve as a warning that something is not right. Doing this launches the macro, which can then download malware.
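
The giveaways above (sender domain, subject line, Word attachment) can be expressed as a simple mail-triage check. This Python sketch is an added example, not MailGuard's code; the sample message is constructed from the article's details, and the recipient address, attachment filename and extension list are assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

GENUINE_DOMAIN = "eway.com.au"  # genuine domain named in the article
BRAND = "eway"
WORD_EXTS = (".doc", ".docx", ".docm", ".dot", ".dotm", ".rtf")  # assumed list

# Constructed sample modelled on the article; filename and recipient are made up.
SAMPLE = b"""\
From: eWAY <informdesk@estoreway.info>
To: user@example.com
Subject: Receipt of APPROVED order!!!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your purchase has been approved. See the attached invoice.
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="invoice.doc"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def triage(raw: bytes) -> list[str]:
    """Return the giveaways found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    on_genuine = domain == GENUINE_DOMAIN or domain.endswith("." + GENUINE_DOMAIN)
    # Brand named in the display name or domain, but not sent from the real domain.
    if (BRAND in display.lower() or BRAND in domain) and not on_genuine:
        findings.append(f"sender-domain-mismatch:{domain}")
    subject = str(msg["Subject"] or "")
    # Repeated exclamation marks or an all-caps word of four or more letters.
    if re.search(r"!{2,}", subject) or re.search(r"\b[A-Z]{4,}\b", subject):
        findings.append("shouting-subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(WORD_EXTS):
            findings.append(f"word-attachment:{name}")
    return findings
```

Because the attachment is password-protected, content scanning may not see the macro, so the check relies on message metadata only.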

The company says macros can automatically install malware and harmful files such as keyloggers, which track input and mouse clicks, and trojans, which can delete, steal or copy a victim’s data.

They can remain undetected for months - only made discoverable when a breach has occurred.

MailGuard says there are simple ways to protect yourself from email scams.

  • Delete emails that seem suspicious or contain attachments that you were not expecting
  • Delete emails that contain macro-enabled Word files that require you to enable or run the macro
  • Delete emails that ask users to click a link in the email body to access the website
  • MailGuard says if you are unsure, contact the company and ask if the email is genuine.