In the ongoing escalation of evil-doers trying to trick people into clicking on bad stuff, we are now seeing emails sent with fake previews under the pretense of “Your invoice” or “Payment confirmation”. This marks the next stage in the evolution of social engineering phishing attacks. The bad guys figure if they provide a picture that’s too small to read that your instinct or curiosity will prompt you to click on it to open it. DON’T FALL FOR THIS ATTACK.

The attachments actually are executables that will run a malicious program to install malware to infect your computer and/or web browser when you double click on the fake image preview.

Whether you do banking, bill pay, etc online, the service or institution you use will NEVER send you an EMAIL with an ATTACHMENT claiming it’s your “invoice” or “confirmation” for anything. Especially if the “purchase” or “alert” seems to come out of nowhere. This is also true for any and all unsolicited email “alerts” with links that tell you need to “verify” your identity or provide any personal information. You should assume all such emails are Phishing attacks and you should promptly delete them.

If you have any question or doubts about the status of any of your personal accounts, the status of any charge, or invoice, go onto the Internet on your favorite web browser and directly log into the service or institution that handles your banking or billing directly (eg. paypal, ebay, your local bank, etc). Verify for yourself directly from the source whether there are any issues. 99.9% of the time, there will be no actual issue.

Remember, only you can protect your identity and recognize these emails as phishing attacks. Never click on any links or attachments. Delete them all.

Please let us know if anyone has any questions.