Fake eWAY invoice contains malicious macro attachments

10 Apr 17

MailGuard has detected a new email malware scam that masquerades as an Australian online payments company.

The email contains a fake transaction confirmation from eWAY, an online payment company. The confirmation document contains a malicious macro that can download and run malware.

MailGuard states that the email was sent from estoreway.info, a newly registered domain very different to the genuine eway.com.au domain.

The scam persuades victims to open a Word attachment by stating that a purchase has been approved. 

The item will apparently be delivered to the address in the invoice/attachment. The attachment is password-protected to help it look legitimate; however, it contains a macro that downloads macro malware.

MailGuard states there are a few key giveaways that the otherwise genuine-looking email is a scam:

The subject line “Receipt of APPROVED order!!!” uses excessive exclamation marks and capital letters. Dodgy grammar means it’s probably not a reputable brand.

The domain name and sender address informdesk@estoreway.info should also be double checked and compared to the genuine eWAY email and domain.

The attackers also instruct victims to ‘enable editing’, which should also serve as a warning that something is not right. Doing this launches the macro, which can then download malware.
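
The giveaways above can be turned into a mail-filter heuristic. The following Python sketch is an added example, not MailGuard's detection logic: the function names, labels, extension list, display name, message bodies, attachment filenames and the receipts@eway.com.au address are constructed for illustration, while the scam sender address and subject line are the ones quoted in this article.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

GENUINE_DOMAIN = "eway.com.au"                       # genuine domain named in the article
WORD_MACRO_EXT = (".doc", ".docm", ".dot", ".dotm")  # Word formats able to carry macros

def giveaways(raw: bytes) -> list:
    """Return the article's warning signs found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    found = []
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    # Sender uses the brand name but is not on the genuine domain or a subdomain of it.
    claims_brand = "eway" in display.lower() or "eway" in domain
    genuine = domain == GENUINE_DOMAIN or domain.endswith("." + GENUINE_DOMAIN)
    if claims_brand and not genuine:
        found.append("lookalike-sender-domain")
    # Repeated exclamation marks or an all-caps word in the subject line.
    subject = str(msg["Subject"] or "")
    if re.search(r"!{2,}", subject) or re.search(r"\b[A-Z]{4,}\b", subject):
        found.append("shouting-subject")
    if any((p.get_filename() or "").lower().endswith(WORD_MACRO_EXT)
           for p in msg.iter_attachments()):
        found.append("macro-capable-word-attachment")
    # Body text that asks the reader to switch off Word's protected view.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if re.search(r"enable\s+(editing|content|macros?)", text, re.I):
        found.append("asks-to-enable-editing")
    return found

def sample(sender, subject, body, filename) -> bytes:
    """Build a constructed test message; attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

SCAM = sample("eWAY <informdesk@estoreway.info>", "Receipt of APPROVED order!!!",
              "Your purchase is approved. Enable editing to view the invoice.", "invoice.doc")
CLEAN = sample("eWAY <receipts@eway.com.au>", "Your receipt",
               "Thanks for your order.", "receipt.pdf")

if __name__ == "__main__":
    print(giveaways(SCAM))
    print(giveaways(CLEAN))
```

A filename check only shows that an attachment could carry a macro; a password-protected document cannot be inspected further without the password, which is one reason the senders use that protection.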

The company says macros can automatically install malware and harmful files such as keyloggers, which track input and mouse clicks, and trojans, which can delete, steal or copy a victim’s data.

They can remain undetected for months - only made discoverable when a breach has occurred.

MailGuard says there are simple ways to protect yourself from email scams. Delete emails that:

  • Seem suspicious or contain attachments that you were not expecting
  • Contain macro-enabled Word files that require you to enable or run the macro
  • Ask users to click a link in the email body to access the website

MailGuard says if you are unsure, contact the company and ask if the email is genuine.