Monday 3 February 2020, Security guide

Cybercriminals impersonate Energa - fake emails

Lost24

Cybercriminals are sending fake emails about unsettled payments that claim to come from the Energa Group. The messages are dangerous because they contain a dangerous attachment.


According to Dziennik Internautów, the messages are sent from the addresses admin@zamira-company.com and sekretariat@torino-polska.com. Opening the attachment may cause damage to your device.


The subject of the message refers to an unsettled payment for the year 2019: “Statement of unpaid Energa 2019 documents”. There are two types of messages. The first says that the recipient has unsettled invoices, a list of which is included in the attachment, and gives instructions on how to open the file. Its body contains only the signature of Energa’s debt collection department. The second type warns that the electricity supply will be suspended if the outstanding obligations are not settled within 24 hours. This message also includes an attachment, allegedly containing the invoice, and this time the message body contains Energa’s company logo.


The attachment is an Excel file. After it is opened and macro execution is accepted, it downloads the malicious file.

What are the risks? CERT Energa reports that devices may be damaged, including encryption of data and leakage of sensitive user data, such as login credentials.
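A mail administrator can check incoming messages against the two indicators described above: the reported sender addresses and an Excel attachment that carries macros. The following is an added example, not code from the article or from CERT Energa; the sample message it builds is constructed and harmless, and the file name `faktury.xlsm` is a hypothetical placeholder.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Sender addresses reported in the article.
REPORTED_SENDERS = {"admin@zamira-company.com", "sekretariat@torino-polska.com"}
EXCEL_EXTENSIONS = (".xls", ".xlsm", ".xlsb", ".xlsx")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of the legacy .xls container

def has_vba_project(data):
    """True if an OOXML workbook (a ZIP archive) contains a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def triage(raw):
    """Return the reasons a raw email (bytes) matches the campaign description."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender in REPORTED_SENDERS:
        reasons.append(f"sender reported in advisory: {sender}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(EXCEL_EXTENSIONS):
            continue
        data = part.get_payload(decode=True) or b""
        if has_vba_project(data):
            reasons.append(f"Excel attachment with VBA macros: {name}")
        elif data.startswith(OLE_MAGIC):
            reasons.append(f"OLE-format Excel attachment, macros possible: {name}")
    return reasons

def build_sample():
    """Constructed message: a ZIP with a dummy vbaProject.bin, no real macro."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/vbaProject.bin", b"placeholder, not a real macro")
    msg = EmailMessage()
    msg["From"] = "Energa <admin@zamira-company.com>"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream", filename="faktury.xlsm")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

Sender addresses are easy for an attacker to change, so the macro check on the attachment is the more durable of the two signals.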