Complete I.T. Blog

An Increase in Fake Invoices Sent from 365 Accounts

by | Oct 1, 2018 | Archived Articles


Today we bring you some advice straight from our helpdesk team who have seen an increase in fake emails being sent from Office 365 accounts. This latest cyber-attack method sees an email coming from an apparently familiar domain requesting a statement of accounts – in other words, the supplier, let’s call them X, receives an email from their client, let’s call them Y, asking to see how much they owe X along with requesting details on how to pay.

These emails are received via slightly different domain addresses, but to the untrained eye this is very easy to miss as the email layout, sender name and signature will all appear as if they have come from the legitimate address.

Unaware that this is an attack, X sends said statement of accounts to the email address that requested it. As the requesting address is a fake domain setup by the attacker, they then gain access to an official statement of accounts that should have been sent to Y (or not as the original request was fake).

The attackers are then able to change the bank account details on the statement of accounts and send this fake copy over to X’s legitimate customers explaining that this is what they owe and details of how to pay. Again, to the untrained eye of the user receiving this statement, they will most likely be none the wiser and will forward to their accounts team to settle the payment. Any payments sent to the bank details on the invoice will end up straight in the attacker’s bank accounts, ultimately meaning X believes they have settled their payments with Y, when in reality Y didn’t send the statement in the first place.

The helpdesk team have put together these 4 steps in checking that any emails you receive are in fact legitimate and not a phishing attack.

  • Is the email unexpected?
  • Is the sender unknown? In other words, does the domain actually match who they say they are?
  • Does the email have any links or attachments it wants you to open?
  • Is it written in poor English, or have grammatical mistakes?

If one or more of the above can be answered ‘Yes’, then there is a possibility the email is not genuine. The more ‘Yes’s’, the higher the probability that this email is actually a cyber attack. If you would like to discuss this further and understand the measures we can implement to prevent your organisation falling victim to these kinds of attacks, please contact us today.