This content is viewable by Everyone

Mar 2023: Invoice-Themed Phishing Lures Spreading Malware

Threat Alert: What to Watch For

  • Cybercriminals have launched phishing attacks using malicious invoice-themed attachments to spread malicious software (malware). 
  • The phishing attacks hijack legitimate email threads to deliver the phishing lures to further increase the believability of the attacks. This means the lures may appear to be response to previous, legitimate email conversations. 
  • The malicious attachments used in this campaign are extremely large, zipped Microsoft Word files. The files, when unzipped, are approximately 500 megabytes in size. 

Key Action: Report Suspicious Emails

  • Report ANY suspicious emails using the Phish Alarm button in your email menu bar. 
  • Remember: Our organization occasionally sends phishing simulations that are used to evaluate the potential impact of a real phishing attack. Report any emails that match the tactics described above. 
  • If a reported message is a simulation, you will see a notification alerting you to that. No further action is needed on your part. 
  • If a reported message was not a simulation, and you are concerned about a time-sensitive request, you must take additional steps to verify the email is valid before acting on it. 

Tips to Remember (at Work and at Home)

  • Verify attachments, even if they’re sent through or posted to an internal cloud system or email platform. It’s possible for internal accounts to be compromised. In these cases, internal emails from legitimate employees will have malicious intent. These are very hard to spot, but your attention to detail can help.
  • Email replies from trusted accounts can be malicious. Some phishing attacks will compromise legitimate accounts and respond to conversations to appear more believable. Always be sure to verify the legitimacy of unexpected attachments from trusted sources through a different means of communication, like a phone call or in person. 
  • Install a reputable, well-researched mobile antivirus app. If you inadvertently download malware, an antivirus app can help to identify it and alert you to problems. Mobile security apps help to protect your device and personal information.  At UCSF you can download Intune.  It includes an anti-virus app as well as other security tools. It ensures you meet the UCSF Minimum Security Standards and must be installed on mobiles used for UCSF purposes.
Invoice Phish Indicators
Invoice Phish Indicators
Invoice Phish Indicators