Always be wary of unexpected or unsolicited emails that contain attachments as they may contain malware. The vagueness and generic nature of this message should be a red flag and may be a ploy to get you to click on the attachment. Since the message does not address the recipient by name and provides no information about the supposed payment, it’s likely that it was a mass mailout and therefore not a legitimate invoice.
If you’re inclined to think that the attachment should be harmless because SVG is an image format, think again! SVG files can actually contain embedded scripts, meaning they can be laced with malware, which is definitely the case for this sample. If you clicked on this attachment, contact the Computer Help Desk or your department’s IT support staff immediately for assistance.
From: allen.lopez@o******.com
Subject: Payment ConfirmationAttachment: [Generic file icon] RTVBAS05GDBA09.svg (2 KB)
Payment Received, attached is your invoice.