
Fake Billing Scam

What are Fake Billing Scam Attacks?

Fake billing scams are email attacks built to mimic a payment confirmation for a product or service the recipient never bought.

The emails are constructed to look as though the recipient or the recipient's company has made a payment when in fact no payment was made. The victim, believing they have unwittingly paid an invoice, contacts the sender to dispute the charge. During that back-and-forth, the attacker delivers malware or a phishing lure to the victim.

How Do Fake Billing Scams Work?

A scammer sends a fake invoice confirmation email to a target. The email generally contains a telephone number the recipient can call to dispute the fictitious charge. Because the victim never paid the invoice, they are more likely to call the number.

The phone number connects the victim to a "customer service representative" who walks the target through the process of reversing the mistaken payment. During this process, victims are usually asked to download an application that gives the scammer remote access to their computer. The application is typically an ordinary remote-support tool rather than malware, so the download itself rarely raises an alarm on the endpoint.

While the scammer has remote access, they can install malware on the victim's computer, which lets them continue malicious activity after the call ends and the victim's payment issue is "resolved."

How Do Fake Billing Scams Bypass Traditional Email Security?

On the surface, there is nothing inherently malicious about these invoice emails. They are either text-only or carry a simple PDF of an invoice: no suspicious attachments and no dangerous URLs. The lure is a phone number, which is not an indicator that traditional, content-based email security checks for, so the email finds no red flags and lands in employee inboxes.

How Can Modern Email Security Detect Fake Billing Scams?

Advanced email security will notice a few suspicious signals in a fake billing email:

  • The email may come from an unknown sender with no history of communicating with the recipient or the organization.

  • It discusses invoices and financial transactions, which are common themes in email attacks.

  • The target is asked to take further action: in this case, to call the "customer service" phone number.

No single one of these signals is conclusive (a genuine vendor invoice also discusses payment, and a known supplier may legitimately list a billing phone number), but modern email security with behavioral baselining can combine these contextual and tonal cues to flag the message as suspicious.
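As an added illustration (not the original page's content, and not any vendor's actual detection logic), the following Python contrasts the two sections above: a legacy filter that only looks for blocklisted URLs and dangerous attachment types, which passes the fake billing email straight through, beside a signal-based check built on the three cues listed (sender not in the contact baseline, financial language, and a phone-number call to action). The sample inbox, the known-sender baseline, the `.test` domains and the 555-01xx phone numbers are all constructed for the example.

```python
"""Illustrative triage of fake-billing emails: a legacy URL/attachment filter
beside a signal-based check modelled on the three cues above. Example code,
not a product's detection logic."""
import re
from dataclasses import dataclass
from typing import Optional

# Assumed prior-contact baseline: addresses the recipient has corresponded with.
KNOWN_SENDERS = {"accounts@trusted-vendor.test"}

# Constructed sample inbox (fictional addresses, fictional 555-01xx numbers).
SAMPLE_MESSAGES = [
    {  # the fake billing lure: no link, no attachment, just a number to call
        "from": "billing-desk@renewal-notices.test",
        "subject": "Payment confirmation: annual subscription $399.00",
        "body": ("Your payment of $399.00 for the annual software subscription has "
                 "been processed. If you did not authorize this charge, call our "
                 "customer service line at 1-888-555-0142 within 24 hours to dispute it."),
        "attachments": [],
    },
    {  # a genuine invoice from a vendor the recipient already deals with
        "from": "accounts@trusted-vendor.test",
        "subject": "Invoice 0042 for March services",
        "body": "Hi, the March invoice is attached; payment is due in 30 days.",
        "attachments": ["invoice-0042.pdf"],
    },
    {  # unknown sender with a phone number but no financial context
        "from": "organiser@community-meetup.test",
        "subject": "Directions for Tuesday",
        "body": "Call (206) 555-0100 if you get lost on the way to the venue.",
        "attachments": [],
    },
]

# --- legacy, content-based filter: URLs and attachment types only ------------
URL = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
BLOCKED_DOMAINS = {"malicious.test"}  # assumed blocklist
DANGEROUS_EXT = (".exe", ".js", ".scr", ".vbs", ".lnk", ".iso")


def legacy_filter(msg: dict) -> bool:
    """Return True if a traditional filter would block the message."""
    text = f"{msg['subject']}\n{msg['body']}"
    if any(m.group(1).lower() in BLOCKED_DOMAINS for m in URL.finditer(text)):
        return True
    return any(a.lower().endswith(DANGEROUS_EXT) for a in msg["attachments"])


# --- signal-based check modelled on the page's three cues --------------------
FINANCIAL_TERMS = re.compile(
    r"\b(invoice|payment|charged?|subscription|renewal|receipt|billing)\b"
    r"|\$\s?\d[\d,]*(?:\.\d{2})?",
    re.IGNORECASE,
)
# North-American style numbers such as 1-888-555-0142 or (206) 555-0100.
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
CALLBACK_WORDS = ("call", "dial", "dispute", "cancel", "refund", "customer service")


def find_callback_number(text: str) -> Optional[str]:
    """Return the first phone number that sits near call-to-action wording."""
    for m in PHONE.finditer(text):
        window = text[max(0, m.start() - 120): m.end() + 120].lower()
        if any(w in window for w in CALLBACK_WORDS):
            return m.group(0)
    return None


@dataclass
class Triage:
    unknown_sender: bool
    financial_language: bool
    callback_number: Optional[str]

    @property
    def score(self) -> int:
        return (int(self.unknown_sender) + int(self.financial_language)
                + int(self.callback_number is not None))

    @property
    def suspicious(self) -> bool:
        # All three cues together: a known vendor's invoice or an unknown
        # sender's phone number on its own is not enough to flag.
        return self.score == 3


def triage(msg: dict, known_senders=KNOWN_SENDERS) -> Triage:
    text = f"{msg['subject']}\n{msg['body']}"
    return Triage(
        unknown_sender=msg["from"].lower() not in known_senders,
        financial_language=bool(FINANCIAL_TERMS.search(text)),
        callback_number=find_callback_number(text),
    )


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        t = triage(msg)
        print(f"{msg['from']:<36} legacy_blocked={legacy_filter(msg)!s:<5} "
              f"signals={t.score}/3 suspicious={t.suspicious}")
```

Run as a script, the first message is passed by `legacy_filter` (nothing to block on) but scores 3/3 in `triage`; the genuine invoice scores 1/3 because the sender is in the baseline and there is no number to call, and the meetup email scores 2/3 because it lacks financial language. In practice the "2 of 3" cases are the ones worth routing to a review queue rather than silently blocking.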