Invoice malware warning for finance departments

Unsolicited email attachments in the form of unpaid invoices could pose a danger to finance departments, cybersecurity analyst Graham Cluley has warned.

The threat is part of a malware campaign being waged by hackers and online criminals who are targeting businesses computer accounting systems.

Social engineering

As with many online scams, the real danger begins with a far more old-fashioned approach that is often given the modern sounding name of 'social engineering.'

Essentially, the criminals try to trick busy finance departments into uploading malware to their systems via a file pretending to be an unpaid invoice and then demanding payment through a bogus courier service.

Cluley said the new spate of emails felt like “a major malware campaign” and warned that they had been “spammed out widely and - more than that - are adapting from day to day to use slightly different wording and also adjusting the malware to get it past anti-virus defences.”

Cybersecurity

The latest warning follows new research from Aon Risk Solutions, a risk management company, which revealed that SMEs are not taking the issue of cybersecurity seriously.

Aon asked 1,042 decision makers from SMEs about their insurance cover to help protect them from the implications of cyber attacks and found that only 4% of those surveyed had any in place, marking only a 1% increase from Spring 2015.

MD of Aon Affinity Chris Lee-Smith said: “Cybercrime is a significant risk and security concerns should be top of mind for any business.”