Mar 2024: Invoice-Themed Phishing Lures

Threat Alert: Invoice-Themed Phishing Lures 

  • Cybercriminals have launched a phishing campaign using invoice-themed lures to deliver malware. 
  • Phishing lures in this campaign involve invoice-related subject lines and message prompts directing recipients to open an invoice-themed Microsoft Excel attachment. 
  • The opened Excel attachment reveals a button to “enable editing” that, if clicked, would start the malicious execution chain. 

Key Actions (At Work and at Home) 

  • Remain alert to phishing indicators. Mismatches between sending addresses and an organization’s name are always warning signs, as are mismatches between an apparent sending address and the reply-to address.   
  • Verify the legitimacy of any unsolicited/unexpected email before you interact with it, especially if it directs you to click on a link or asks you to download software. It can be tempting to click on a “call to action.” Excel attachments with “enable editing” popups are a red flag and should immediately be treated as suspicious.
  • Familiarize yourself with standard payment processes. Communications regarding payments should only ever come from known, organizational email addresses. If in doubt, always navigate directly to internal portals to double-check the legitimacy of payment-related changes, or email the finance or HR teams before interacting with a message.
  • Report ANY suspicious emails using the Phish Alarm button.
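
For mail administrators, the indicators listed above can also be checked automatically. The following is an added example, not part of the original alert: it flags a sending domain that does not match the organization named in the display name, a reply-to domain that differs from the sender, and an invoice-themed subject with an Excel attachment. The KNOWN_ORGS table, the indicator names and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: organization names and the domain each really sends from.
KNOWN_ORGS = {"example bank": "examplebank.example"}
EXCEL_EXTS = (".xls", ".xlsx", ".xlsm", ".xlsb")

def domain(addr):  # lowercased domain part of an address, or '' if there is none
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def phishing_indicators(raw):
    """Return the names of the indicators present in a raw message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom, hits = domain(from_addr), []
    # Sending address does not belong to the organization named in the display name.
    for org, org_dom in KNOWN_ORGS.items():
        if org in name.lower() and from_dom != org_dom and not from_dom.endswith("." + org_dom):
            hits.append("org_name_mismatch")
    # Replies would go to a different domain than the apparent sender.
    if reply_addr and domain(reply_addr) != from_dom:
        hits.append("reply_to_mismatch")
    # Invoice-themed subject together with an Excel attachment.
    names = [(p.get_filename() or "").lower() for p in msg.walk()]
    if "invoice" in msg.get("Subject", "").lower() and any(n.endswith(EXCEL_EXTS) for n in names):
        hits.append("invoice_excel_attachment")
    return hits

# Constructed sample messages (not taken from the campaign).
SUSPICIOUS = """\
From: "Example Bank Billing" <billing@mail-invoices.example>
Reply-To: accounts@other-domain.example
Subject: Invoice 4471 overdue
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached invoice.
--b1
Content-Type: application/vnd.ms-excel
Content-Disposition: attachment; filename="invoice_4471.xlsx"

AAAA
--b1--
"""
BENIGN = 'From: "Example Bank" <statements@examplebank.example>\nSubject: Monthly statement\n\nSign in to the portal.\n'

print(phishing_indicators(SUSPICIOUS), phishing_indicators(BENIGN))
```

A hit is a reason to quarantine or review a message, not proof that it is malicious; legitimate senders sometimes use a separate reply-to domain.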