CERT Poland warns against a phishing campaign targeting entrepreneurs who expect orders filled out online. The entrepreneurs receives emails with information about the delivery or order of goods, the message includes an attachment.

Cybercriminals pretend to be real entities.

The message contains multiple linguistic errors, which are typical for this type of fraud, i.e.
- "Please pay attention to the delivery order in accordance with the terms therein contained"
- "Please find the attached order of inquiry arrange the delivery express. Send us an confirmation order with terms payment."

Attached is a RAR archive which contains a hidden executable. The cybercriminals’ goal is to infect device with the AgentTesla malware, thanks to which they gain remote access to the victim’s computer.