This email, which purports to be from a farm machinery company, urges you to click a link to view full invoice details.
Supposedly, the invoice email was generated via the business and accounting service MYOB.
However, the email is not a genuine invoice notification and it is not associated with either MYOB or the machinery company it lists as the sender. The machinery company is real, but it did not send the email.
Instead, the email is a criminal ruse designed to trick you into installing malware on your computer.
Clicking the invoice links in the message downloads a seemingly harmless Microsoft Word document.
But, when you try to open this Word document, you will be prompted to enable macros. A message will claim that macros are required to keep the document secure. If you enable macros as instructed, a malicious macro will then download and install further malware.
Complex macros can be created using VBA (Visual Basic for Applications) and can be very helpful in some workflows. But malicious VBA macros can also be created and distributed. In years gone by, macro viruses were common computer security threats. But, for the last several years, they have been much less significant due to the fact that later versions of Microsoft Office disabled macros by default and implemented other security measures.
However, criminals have apparently realized that many computer users will have forgotten about or have no knowledge of macro threats. Thus, malicious macros are again being used to spread malware.
In modern incarnations of the threat, criminals do not try to subvert in-built security systems but use simple social engineering techniques to get users to allow the macros to run. The criminals rely on the curiosity of recipients who may proceed without due caution in the hope of finally viewing the promised document content.
Unless you have a compelling reason, you would be best to leave macros disabled by default. And do not believe any message that claims that you must enable macros to view or interact with Microsoft Office documents.
This malware may be ransomware that locks your computer files and then demands that you pay a fee to the scammers to receive an unlock key. Or, it may be designed to steal information such as banking passwords from your computer.
The criminals who distribute these emails hope that at least a few recipients will be tricked into downloading the malware. Some users may click because they belive a mistake has been made or because they are concerned that their account has been compromised and used to purchase farm machinery. And, customers of the company named in the message may be inclined to think that invoice is genuine.
Fake invoice emails like this one are regularly used to distribute malware. Company names and other details may vary in different versions of these emails.
Be wary of any message that claims that you must enable macros just to view an ordinary document such as an invoice. There is no valid reason why macros would need to be enabled to read such a standard document.
An example of the malware email:
