Australia markets open in 7 hours 7 minutes

    -29.60 (-0.39%)

    +0.0022 (+0.31%)
  • ASX 200

    -20.10 (-0.28%)
  • OIL

    +2.08 (+3.14%)
  • GOLD

    +14.10 (+0.79%)

    -13.93 (-0.02%)
  • CMC Crypto 200

    +24.29 (+1.65%)

WARNING: Fake ‘invoice.pdf’ scam hits Aussies’ inboxes

·2-min read
(Source: Getty, MailGuard)
(Source: Getty, MailGuard)

If you have an email address, be warned: a new type of phishing scam, posing as a file being shared with you, is trying to steal your personal details.

Email security software firm MailGuard said it has intercepted fraudulent emails that look like an invoice document in the form of a pdf being sent from OneDrive.

“The email appears to come from a file sharing service (imitating OneDrive), but it actually comes from a compromised account,” MailGuard said in a recent alert.

Read more:

The account comes from a domain name ‘sisdubai[dot]com’ that appears to be owned by ‘Sabari Indian School’.

(Source: MailGuard)
(Source: MailGuard)

But the file and the link encouraging recipients to open the file is fake, and will take you to fake phishing sites that will ask you for your email address and password.

(Source: MailGuard)
(Source: MailGuard)

“The campaign is designed to harvest sensitive user credentials that can be used in subsequent attacks and/or sold on the dark web,” MailGuard warned.

Major software and tech giants like Microsoft have been the victim of cyber attacks lately, with their users also facing regular attempts to have their details stolen.

Scammers will also take advantage of tax season and the fact that there may be several files being shared during this time.

“In the case of this scam, the target link to an ‘Invoice.pdf’ may be designed to coincide with the end of financial year, or the scammers may simply consider it a generic bait that will be of appeal to a wide audience,” MailGuard said.

But don’t click on links in any emails that don’t address you by name, feature poor grammar or spelling, or shoddy logo or branding.

And if the email is from a business you don’t expect to hear from or has a suspicious sender address, don’t click on any links.

WATCH BELOW: 4 Tips for Spotting and Avoiding Scams

“All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials,” said MailGuard.

“If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.”

Follow Yahoo Finance on Facebook, LinkedIn, Instagram and Twitter, and subscribe to the free Fully Briefed daily newsletter.

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting