Beware of e-mails with fake invoices

Beware of e-mails with fake invoices

We warn you against another phishing campaign with e-mails containing a fake invoice for mobile services allegedly from Orange Polska S.A.

The e-mail contains an attachment which after opening infects your computer or device with malware. The consequences might involve the loss of sensitive data such as logins, passwords or credit card numbers. If the attachment is not infected and we pay the fake invoice hastily, the money will credit the fraudster’s account.

Frequently criminals during phishing attacks send on purpose messages from addresses that are similar to official e-mail addresses in order to make the fake message look more credible as if it was a message from the operator, for instance. The correspondence usually arouses no suspicion. The message frequently contains: the company logo, new offer advert, bank account number or link to the operator’s website. Remain vigilant!

We remind you that:

  • you should pay attention to the address from which you received an e-mail with the invoice
  • you should check the correctness of a bank account quoted in the invoice to which you should transfer the money
  • an electronic invoice is sent only to the address that you have given to your telecommunications service provider
  • if you have not agreed to receive an electronic invoice, it should not be sent to your e-mail address
  • you shouldn’t click on links such as: payment order, electronic payment or link to your e-invoice, if you are not 100% sure that your operator is the sender of this e-mail
  • you shouldn’t reply to the message with a suspicious electronic invoice.

The warning against a new phishing campaign with fake invoices was published by CERT on its fanpage. The note explains the mechanism for downloading and installing malware.