The red flags above are a sign that you shouldn’t open the attachment. InfoSec examined the contents using a secure tool and found that it contains a blurred out picture of an invoice, overlaid with a box that says, “View Protected Document”. If a PDF tells you to click to view protected content, that is a sure sign the PDF is malicious. If you did open the PDF, reach out to your department’s IT support contact immediately for assistance, especially if you clicked on “View Protected Document”.<\/p>\n
![\"Fake](\"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-content\/uploads\/sites\/4983\/2023\/08\/2023-08-28-ultramar-invoicepng.png\")
<\/p>\n
From: Ultramar <support@cobills.com>
\nSubject: Your Ultramar invoice is now available to view\/Votre facture Ultramar est maintenant disponible \u00e0 la consultation<\/p>\nAttachment: Invoice3421.pdf<\/p>\n
Thank you for choosing Ultramar as your product and service provider. We appreciate your business! We would like to remind you that e-Bill is our environmentally friendly billing option.
\nPlease do not reply to this email.<\/strong>
\nIf you have any questions, please see the attached statement for Ultramar contact information.<\/p>\nMerci d’avoir choisi Ultramar comme fournisseur de produits et services. Nous appr\u00e9cions votre entreprise ! Nous vous rappelons que l’e-Bill est notre option de facturation \u00e9cologique.
\nVeuillez ne pas r\u00e9pondre \u00e0 cet e-mail.<\/strong>
\nSi vous avez des question, veuillez consulter la d\u00e9claration ci-jointe pour les coordonn\u00e9es d’Ultramar.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"Fake invoices are a common theme for PDF phishing. Be wary if you receive an invoice email that you weren’t expecting, especially if it comes from a company that you don’t have any dealings with. This fake invoice email is relatively well-written, but there are a couple of signs that the attachment isn’t legitimate: The … Continue reading Your Ultramar invoice is now available to view<\/span><\/a><\/p>\n","protected":false},"author":8719,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"image","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1688","post","type-post","status-publish","format-image","hentry","category-uncategorized","post_format-post-format-image"],"_links":{"self":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/posts\/1688","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/users\/8719"}],"replies":[{"embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/comments?post=1688"}],"version-history":[{"count":2,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/posts\/1688\/revisions"}],"predecessor-version":[{"id":1691,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/posts\/1688\/revisions\/1691"}],"wp:attachment":[{"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/media?parent=1688"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/categories?post=1688"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/onlineacademiccommunity.uvic.ca\/phishbowl\/wp-json\/wp\/v2\/tags?post=1688"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}