MailGuard has detected an email scam impersonating an Australian wedding photography company called Corral Photography.
MailGuard say they’ve detected a batch of scam emails that are designed to look like invoice notifications from the photographer and contain a ‘view invoice’ link which, when clicked, directs the victim of the scam to a file containing malware.
At a glance, the emails appear to include valid invoices with an invoice number, due date, balance due and a mailing address for the company. However, MailGuard say that the malicious emails are being sent from a compromised MailChimp account and display a variety of sender addresses, including Ironald@corralphotography.com.au.
The fact that the sender address domains use the URL ‘corralphotography.com.au’ suggests that the compromised MailChimp account may actually belong to Corral Photography, though they say they can’t confirm whether or not this is the case as of yet.
Ronald Corral of Corral Photography has Tweeted to warn their clients about the scam using their name. He wrote “I have just received numerous calls about bogus invoice spam that seemed to come from me. Please ignore and delete. Apologies for anyone receiving it.”
MailGuard say they are currently in communications with the management of Corral Photography to make them aware of the details of this attack.