This is also an old game that gets a face lift from time-to-time. Don't fall for their trap because so many of the general guidelines apply to these often simple scams to cause you pain!
Here is one actual example:
Natalie Johns <JohnsNatalie74@speakeasy.net>
FW: Invoice 2016-M#441161
Message: Payment_2016_March_441161.zip (4 KB)
Please fine attached two invoices for processing.
SO WHAT'S GOING ON HERE:
- The e-mail address that "sent this" most likely is bogus and if it is real, it most
likely was a coincidence. Often they will use the e-mail address then change
the domain name (in this case @speakeasy.net) which may be real or bogus.
Not everyone sees this Red Flag.
- The FX: Invoice 2016-M#441161 is a smoke screen to entice you to open the attachment using essentially the same information in the file name.
- The "To" field uses the last name only with no capitalization. Another Red Flag.
- What attached 2 invoices, there is only. Another trap to get you to open the attachment because you see only one. Red Flag. A legitimate company would most likely attach the two separate invoices for your examination. That's they way their computer systems are normally designed.
- Perhaps one common Red Flag seen often is the size of the attachment, reflected by the (4 KB) after Payment_2016_March_441161.zip Many high risk attachments seem to be 4 KB or 4 Kilobytes in size. Also note they will change the year and month name to make it look authentic.
ARE THERE OTHER SIGNS TO WATCH FOR?
- If you are doing business with these people why do they only use part of your full e-mail address? Why is nothing capitalized? Where is your first name?
Why? Because they have no idea or care because their game is to play a mind game and get you to open the attachment.
- If this was legitimate why is there no reference to the charges? Would you pay a bill that did not specify details of the transaction? If you would, rethink your decision on handling money.
- Why no company information? They don't have a company name!
- Why no address? They will stay in business only for a few days and they are not looking to get anything from you but the hope they really cause pain and suffering when you open the attachment.
- Why no contact information should there be a dispute? Because there will not be any dispute as your PC may be so trashed it is unusable.