The phony invoice scam is a common scam popular with scammers because it is quite effective. It starts when you receive an email that purports to be from a popular company with which many of us do business that indicates that you owe them a significant payment. The scammers count on people being concerned that they are being wrongfully charged for a product they did not order. You are provided a telephone number to call if you dispute the bill. If you call the number, you will be prompted to provide personal information that will be used to make you a victim of identity theft.
This email appears to come from Kaspersky, a company that provides a wide range of digital security services. As always, the purpose of a phishing email is to lure you into clicking on links contained within the email or providing personal information, in this case by phone if you call to dispute the phony bill . If you click on links in phishing emails, you end up downloading malware and if you provide the requested information, it ends up being used to make you a victim of identity theft. This particular phishing email provides a phone number to call if you wish to dispute the obviously phony invoice. If you call the number in the phishing email you will be asked for personal information that will be used to make you a victim of identity theft.
There are a number of red flags that indicate that this is a scam. Your name does not appear anywhere in the invoice. Only your email address appears in the phony invoice. Also, the email was sent from an email address that has nothing to do with Kaspersky.
Here is a copy of the invoice being circulated.
Customer Support: (859) 951-2863
Once, I received a large invoice from a company with which I do business for goods I did not order, but rather than click on the link provided in the email, I went directly to the company’s website to question the invoice. When the website came up, the first thing I saw was a large announcement that the invoice was a scam and that many people had received these phony invoices. If you ever receive a phony invoice such as this and you think that it may possibly be true, don’t click on links or call phone numbers provided in the email. Rather, contact the real company directly at a phone number or website that you know is legitimate where you can confirm that the phishing invoice was a scam.
Never click on links or download attachments in emails or text messages unless you have absolutely confirmed that they are legitimate and don’t call companies at telephone numbers that appear in the email such as this one. Instead, if the email appears to come from a legitimate company, you can call them at a telephone number you confirm is legitimate . Don’t call the number that appears in the email. In the case of Kaspersky, the real telephone numbers to call for customer service are 7-495-797-8700, 7-495-797-8709 and 7-495-956-7000 . One of the indications that this is not legitimate and is a phishing email is the fact that the email address from which it was sent has nothing to do with Kaspersky. Most likely it is the email address of someone whose email account was hacked and made a part of a botnet used to send out thee phishing emails. Also, nowhere in the email does your name appear.
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide has been cited by the New York Times as one of three top sources for information about Coronavirus related scams.