Kaseya seeks perpetrators of fake-invoice malware attack
Emails purporting to be from remote management firm ask recipients for payment for licences
Kaseya is seeking to identify the people behind a reported malware attack being perpetrated using a fake invoice from the managed services company.
Earlier this week this reporter was one of many people to receive an email (see screenshot below) titled Kaseya Invoice, with the subject line also containing an eight-character customer reference. The message, which was addressed to 'Accounts Payable', went on to thank the reader for their recent purchase of Kaseya licences, and indicated that an invoice in Word or Excel form was attached.
The missive further stated that, if the reader wished to pay via bank transfer, then details were included on the attached invoice. Credit card payment was possible by emailing a given address, said the message, which signed off with a person's name and contact number.
Various security blogs and advice sites have flagged up the emails as a risk, counselling that opening the invoice attachment could see your machine infected with Dridex malware. According to myonlinesecurity.co.uk the emails have been primarily sent to SMBs.
A Kaseya spokesperson told Channelnomics Europe that the remote management firm was "very disappointed" to learn of its name being used in this way, but that such misuse was an occupational hazard of its status as a well-known industry brand.
"It's often the companies who are most successful in their space who are targeted, as those perpetrating these phishing schemes know that using names like Kaseya's is a way to cast a wider net and have higher probability of convincing a recipient to respond," they added.
The spokesperson revealed that Kaseya has begun an investigation to identify those responsible for the attempted attack, in the hope of putting a stop to the emails. They also spoke to reassure any customers and partners that might harbour concerns.
"We have no indication that these emails are being targeted to anyone in particular and it appears that this phishing scheme is targeted to the internet as a whole and not to Kaseya partners," said the spokesperson. "However, we'd like our community to know that while emails from Kaseya's billing department may include attached invoices, they will always contain a personalised subject line and greeting - typically the contact's name and the name of their company. They will also include the sales order number - if one has been established yet - and will always come from firstname.lastname@example.org. These are things that recipients should look for.
"We'd also encourage everyone, Kaseya customer or not, to always practice good email hygiene and to enlist the use of good antivirus and antimalware tools to protect themselves from such attacks."