Hackers attack via e-invoices

Tens of thousands of Poles were affected in July attacks performed by hackers who sent out e-mails with fake e-invoices that turned out to be computer viruses, the Polish media reported august 18.

”Hackers attack our computers regularly, more or less frequently,” Kamil Sadkowski, an IT security analyst from ESET, told Dzienik Gazeta Prawna (DGP). “That is an element of the modern reality. But since July we have observed a true wave of a certain type of such attacks. Those were not direct attacks on the IT systems of the companies that they impersonated – the e-mails with infected attachments were sent out to random people.”

Hackers typically impersonate an employee of the accounting division of one of popular Polish companies such as the online auction company Allegro or the mobile phone and internet operator T-Mobile. In the e-mail the fraudster reminds the receiver of an alleged outstanding payment and attaches a supposed e-invoice. The attachment carries a Trojan horse type of virus, which uses the victim’s computer’s power to multiply bitcoins.

“For years we have warned internet users not to download and open attachments of unknown origin,” Przemyslaw Jaroszewski, cyber-crime expert from the Research and Academic Computer Network, told DGP.

“Unfortunately, it became much more difficult when companies began to use attachments to send e-invoices to their clients. Many people are aware of the danger, but hardly anyone knows, for example, that PDF files that are commonly used for e-invoices can also contain high-risk virus code.”

Although awareness about cyber-crime risk has considerably increased in Poland, the number of reported hacker attacks in July shows that many people remain oblivious to such danger. Experts predict that hackers will continue to use e-invoices as bait in the upcoming months.

Photo courtesy of Soerfm.