The first one that caught his eye was one with the subject new zealand phone number data line: “This is your invoice.” He didn’t recognize the sender’s name, something he dismissed as unimportant since Rober was more than used to receiving electronic invoices from different services periodically. The body of the email was not very descriptive either, so he couldn’t tell which company or agency it came from. Attached to it was a compressed file. Since there was no other way to know who it came from, curiosity got the better of him and he decided to download and open the file.
Fraudulent email with subject "This is your invoice" and a compressed .zip file attached
Once opened and unzipped, he could see that it contained an Excel spreadsheet, which he decided to open. To Rober's surprise, it did not contain any data; it was a blank sheet. The only element that caught his attention was that at the top, a warning was visible that had a button that said "Enable content."
Blank Excel sheet requesting "Enable content"
Rober didn't think about it for a second, he was tired and just wanted to turn off the computer so he quickly clicked on the button hoping that the Excel sheet would be enabled and show the contents of the invoice, something that didn't happen, so he decided to close the document without giving it any more importance and move on to the next email.
To his surprise, when Rober was responding to one of the messages, suddenly his browser opened and loaded a page with the following content:
