Beware of invoices landing in your email inbox. They’re likely bogus.

You’ve no doubt received mysterious “invoices” landing in your email inbox, yet you don’t recall ever having ordered or contracted with the person or “service” contacting you. Guess what? Your suspicions are correct and the “invoice” sent to you is indeed bogus.

The primary motive behind these emailed “invoices” is to extract banking information from you. These emails usually contain an attachment, often a .PDF or Word document infected with malware-infested macros which, when enabled, will search your computer for passwords and other sensitive financial information. Even if the document isn’t infected, some fraudsters hope that you’ll actually pay the invoice. Either way, you will pay — for nothing if you fall for these scams.

According to this article, the self-employed are most vulnerable:

Self-employed, freelance and contract workers are particularly vulnerable because they may receive invoices regularly from a number of sources.

The email may appear as if it was sent by a well-known supplier or other trusted source. Fraudsters often try to mimic the email address of a legitimate supplier or a colleague or friend in a bid to trick the recipient into thinking the invoice is genuine.

The attached invoice will look like a standard document or spreadsheet, however to view the file you must enable a “macro”, which is a set of pre-programmed instructions for a computer. This macro installs the malware, which can infect an entire computer network. It logs your online banking details, along with other financial information, before sending it on to the criminals who then attempt to steal money from your accounts.

But wait, there’s more! You’ll also see invoices that look like the real deal — but they’re completely fake. These “invoices” are what the law calls “solicitations.” Such invoices can be ignored, however, there are some which are genuine but either overcharge you or simply add items or services that you don’t want. There are five invoicing scam categories to watch out for: directory listings, domain renewal notices, paying through the nose, magazine subscriptions, and mystery supplies. Find a detailed description of each here.

I’ve received my fair share of these bogus “invoices” over the years and always delete them. Here’s the latest:

fake_invoiceAccording to the email a “Vance Gislason” of “Dickinson LLC” is trying to hit me up for some charge for an outstanding September 2015 service that I supposedly contracted for. I’m sure that if I was curiously careless enough to download and open the PDF attachment I’d find out what the “charges” are for:

Hi,

I’ve attached a statement.  Yes, the outstanding invoices are september 2015 forward and there are no production invoices.  I apologize it has taken me some time to pull this together.
Your September invoice is also attached.  Please remit payment at your earliest
convenience.

Thank you for your business – we appreciate it very much!

Sincerely,
Vance Gislason

I’m thinking this scammer is using Dickinson LLC as a front; the only “Vance Gislason” that I can find is this particular Instagram account (with the unfortunate username of @vinderswindler). Somehow, I don’t believe that this particular Mr. Gislason knows that his name is being used for nefarious purposes. As for the email address, it may be spoofed or fake. It’s interesting that this email was sent to my web development domain address, perhaps hoping that I would mistakenly believe that I used these services. Unfortunately for them, I know to a penny what I owe and to whom. I’ve never even heard of this company prior to receiving the email.

The moral of the story: Keep a detailed accounting of what you owe for services and delete any randomly emailed “invoices” with confidence.

Leave a Reply

Your email address will not be published. Required fields are marked *

*