Invoice-related spam is common. It doesn't mean, though, that everyone stops it. 

This one spoofs a well-known Spanish company. It claims that an invoice was not paid in full. The payload was a malicious .xlsx file, however, it was missed by Microsoft ATP. Avanan stopped this attack.

Here's what the attack looks like. The subject is: "Urgent"

This is the content of the .xlsx file:


When you press "Open" a malicious javascript beings to run. 

Subscribe to Our Attack Briefs for More Research