From: Sage Invoice [invoice@sage.com]
Date: 2 April 2015 at 12:24
Subject: Outdated Invoice
From: Sage Invoice [invoice@sage.com]
Date: 15 September 2014 12:08
Subject: Outdated Invoice
Sage Logo
Sage Account & Payroll
You have an outdated invoice from Sage Accounting that is ready for payment. To find out more details on this invoice, please follow the link bellow or click here to view/download your account invoice:
https://invoice.sage.co.uk/Account?336541=Invoice_090914.zip
If we hold any information about you which is incorrect or if there are any changes to your details please let us know by so that we can keep our records accurate and up to date. If you would like to update your records or see a copy of the information that we hold about you, you can contact us at Data Protection Officer, Sage (UK) Ltd, North Park, Newcastle-upon-Tyne, NE13 9AA or by email to digital@sage.com. If you request a copy of your information you will need to pay a statutory fee which is currently £10.
The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies.
We have communicated this information with users as well, and we will continue to communicate with you through email as your transition continues.
This email was sent to: [redacted]
This email was sent by: Sage UK Limited
NC1-002-08-25, Newcastle upon Tyne., North Park, NE13 9AA, United Kingdom
Privacy and Security
Keeping your financial information secure is one of our most important responsibilities. For an explanation of how we manage customer information, please read our Privacy Policy. You can also learn how Sage UK Limited keeps your personal information secure and how you can help protect yourself.
From: Sage Account & Payroll [invoice@sage.com]The link in the email does not go to invoice.sage.co.uk at all, but loads a page from:
Date: 9 September 2014 13:31
Subject: Outdated Invoice
Sage Account & Payroll
This email was sent to: [redacted]
The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies.
We have communicated this information with users as well, and we will continue to communicate with you through email as your transition continues.
This email was sent by: Sage UK Limited
NC1-002-08-25, Newcastle upon Tyne., North Park, NE13 9AA, United Kingdom
Privacy and Security
Keeping your financial information secure is one of our most important responsibilities. For an explanation of how we manage customer information, please read our Privacy Policy. You can also learn how Sage UK Limited keeps your personal information secure and how you can help protect yourself.
From: Sage Account & Payroll [invoice@sage.com]
Date: 17 October 2014 10:28
Subject: Outdated Invoice
Sage Account & Payroll
You have an outdated invoice from Sage Accounting that is ready for payment. To find out more details on this invoice, please follow the link bellow or click here to view/download your account invoice:
https://invoice.sage.co.uk/Account?864394=Invoice_032414.zip
If we hold any information about you which is incorrect or if there are any changes to your details please let us know by so that we can keep our records accurate and up to date. If you would like to update your records or see a copy of the information that we hold about you, you can contact us at Data Protection Officer, Sage (UK) Ltd, North Park, Newcastle-upon-Tyne, NE13 9AA or by email to digital@sage.com. If you request a copy of your information you will need to pay a statutory fee which is currently £10.
The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies.
We have communicated this information with users as well, and we will continue to communicate with you through email as your transition continues.
This email was sent to: [redacted]
This email was sent by: Sage UK Limited
NC1-002-08-25, Newcastle upon Tyne., North Park, NE13 9AA, United Kingdom
Privacy and Security
Keeping your financial information secure is one of our most important responsibilities. For an explanation of how we manage customer information, please read our Privacy Policy. You can also learn how Sage UK Limited keeps your personal information secure and how you can help protect yourself.
From: Sage Invoice [service@sage-invoices.com]
Date: 17 November 2016 at 10:54
Subject: Outdated Invoice
This is a customer service e-mail from © Sage (UK) Limited to [redacted]
Sage Invoice Payments
Outdated Invoice
You have an outdated invoice from Sage Invoice Payments that needs your attention. To find out more details on this invoice, please see the enclosed document attached to this email.
The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies.
We have communicated this information with users as well, and we will continue to communicate with you through email as your transition continues.
This email was sent by: Sage UK Limited
NC1-002-08-25, Newcastle upon Tyne., North Park, NE13 9AA, United Kingdom
Privacy and Security
Keeping your financial information secure is one of our most important responsibilities. For an explanation of how we manage customer information, please read our Privacy Policy. You can also learn how Sage UK Limited keeps your personal information secure and how you can help protect yourself.
From: Riley Crabtree [creditdepart@rbs.co.uk]
Date: 25 September 2014 10:58
Subject: BACS Transfer : Remittance for JSAG814GBP
We have arranged a BACS transfer to your bank for the following amount : 4946.00
Please find details at our secure link below:
http://shetabweb.com/bvqsyphiwq/cdddcetuex.html
From: Sage Account & Payroll [invoice@sage.com]
Date: 25 September 2014 10:53
Subject: Outdated Invoice
Sage Account & Payroll
You have an outdated invoice from Sage Accounting that is ready for payment. To find out more details on this invoice, please follow the link bellow or click here to view/download your account invoice:
https://invoice.sage.co.uk/Account?928143=Invoice_092514.zip
If we hold any information about you which is incorrect or if there are any changes to your details please let us know by so that we can keep our records accurate and up to date. If you would like to update your records or see a copy of the information that we hold about you, you can contact us at Data Protection Officer, Sage (UK) Ltd, North Park, Newcastle-upon-Tyne, NE13 9AA or by email to digital@sage.com. If you request a copy of your information you will need to pay a statutory fee which is currently £10.
The contents of this email and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this email in error please notify the system manager or the sender immediately and do not disclose the contents to anyone or make copies.
We have communicated this information with users as well, and we will continue to communicate with you through email as your transition continues.
This email was sent to: [redacted]
This email was sent by: Sage UK Limited
NC1-002-08-25, Newcastle upon Tyne., North Park, NE13 9AA, United Kingdom
Privacy and Security
Keeping your financial information secure is one of our most important responsibilities. For an explanation of how we manage customer information, please read our Privacy Policy. You can also learn how Sage UK Limited keeps your personal information secure and how you can help protect yourself.
From: Lloyds Commercial Bank [secure@lloydsbank.com]
Date: 25 September 2014 11:36
Subject: Important - Commercial Documents
Important account documents
Reference: C400
Case number: 05363392
Please review BACs documents.
Click link below, download and open document. (PDF Adobe file)
----------------------
http://fantastyka.nets.pl/irdmewoars/jyfiqmcojv.html
-----------------------
Please note that the Terms and Conditions available below are the Bank's most recently issued versions. Please bear in mind that earlier versions of these Terms and Conditions may apply to your products, depending on when you signed up to the relevant product or when you were last advised of any changes to your Terms and Conditions. If you have any questions regarding which version of the Terms and Conditions apply to your products, please contact your Relationship Manager. .
Yours faithfully
James Vance
Senior Manager, Lloyds Commercial Banking
Calls may be monitored or recorded in case we need to check we have carried out your instructions correctly and to help improve our quality of service.
Please remember we guarantee the security of messages sent by email.
From: NatWest Invoice [invoice@natwest.com]The links in the emails go to different download locations to make it harder to block:
Date: 25 September 2014 10:28
Subject: Important - New account invoice
Your latest NatWest invoice has been uploaded for your review. If you have any questions regarding this invoice, please contact your NatWest service team at the number provided on the invoice for assistance.
To view/download your invoice please click here or follow the link below :
https://www.nwolb.com/ServiceManagement/ InvoicePageNoMenu.aspx? InvoiceCode=Invoice_232449
Thank you for choosing NatWest.
Important: Please do not respond to this message. It comes from an unattended mailbox.
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
The Royal Bank of Scotland International Limited trading as NatWest (NatWest). Registered Office: P.O. Box 64, Royal Bank House, 71 Bath Street, St. Helier, Jersey JE4 8PJ. Regulated by the Jersey Financial Services Commission.
From: noreply@sage.com [noreply@sage.com]
Date: 21 September 2015 at 11:30
Subject: Your Sage subscription invoice is ready
Dear Ralph Spivey
Account number: 45877254
Your Sage subscription invoice is now online and ready to view.
Sage One subscriptions
Please follow the link bellow to view/download your account invoice: http://www.sageone.co.uk/
Got a question about your invoice?
Call us on 1890 88 5045
If you're an Accountant, please call 1890 92 21 06
If you're a Business Partner, please call 1890 94 53 85
Kind Regards
The Sage UK Subscription Team
Please note: There is no unsubscribe option on this email, as it is a service message, not a marketing communication. This email was sent from an address that cannot accept replies. Please use the contact details above if you need to get in touch with us.
Subject: Your Sage subscription invoice is ready
From: "noreply@sagetop.com" [noreply@sagetop.com]
Date: Thu, August 24, 2017 8:49 pm
Dear Customer
Your Sage subscription invoice is now ready to view.
Sage subscriptions
To view your Sage subscription invoice click here
Got a question about your invoice?
Call us on 0845 111 6604
If you're an Accountant, please call 0845 111 1197
If you're a Business Partner, please call 0845 111 7787
Kind Regards
The Sage UK Subscription Team
Please note: There is no unsubscribe option on this email, as it is a service
message, not a marketing communication. This email was sent from an address that
cannot accept replies. Please use the contact details above if you need to get in
touch with us.
From: Sagepay EU [accounts@sagepay.com]Attached is a file INV00318132_V0072048_12312014.xls which appears to come in a wide variety of different versions (at least 11). The VirusTotal detection rate for a subset of these is 4/54 [1] [2] [3] [4] [5] [6]. Only a single Malwr report seemed to work, indicating the macro downloading from:
Date: 11 February 2016 at 13:21
Subject: Your Sage Pay Invoice INV00318132
Please find attached your invoice.
We are making improvements to our billing systems to help serve you better and because of that the attached invoice will look different from your previous ones. You should have already received an email that outlined the changes, however if you have any questions please contact accounts@sagepay.com or call 0845 111 44 55.
Kind regards
Sage Pay
0845 111 44 55
From: Margarita.Crowe@sage.co.uk [Margarita.Crowe@sage.co.uk]Attached is a file sage_invoice_3074381_09042014.pdf which is identical to the payload for this Companies House spam circulated earlier.
Date: 23 July 2014 10:31
Subject: FW: Invoice_7104304
Please see attached copy of the original invoice (Invoice_7104304).
Date: Tue, 20 May 2014 09:20:53 +0100 [04:20:53 EDT]
From: Sage [Wilbur.Contreras@sage-mail.com]
Subject: FW: Invoice_6895366
Please see attached copy of the original invoice (Invoice_6895366).
Date: Tue, 8 Apr 2014 08:65:82 GMT
From: Sage [Merrill.Sterling@sage-mail.com]
Subject: RE: BACs #3421309
Please see attached copy of the original invoice.
Date: Mon, 4 Nov 2013 21:00:59 +0600 [10:00:59 EST]Attached is a file PaymentOverdue.zip which in turn contains a malicious executable Payroll_Report-PaymentOverdue.exe with a icon that makes it look like an Excel spreadsheet.
From: Payroll Reports [payroll@sage.co.uk]
Please find attached payroll reports for the past months. Remit the new payment by 11/10/2013 as outlines under our payment agreement.
Sincerely,
Bernice Swanson
This e-mail has been sent from an automated system. PLEASE DO NOT REPLY.
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.
From: SANTAN [sfernandes@simplesimon.co.uk]Both the "From" and "To" fields are fake. Attached is a document fax00065189.doc that I have seen two versions of (VirusTotal results [1] [2]). The Malwr reports for those two files [3] [4] show that this is trying to deliver the Dridex banking trojan, as described here.
To: POLLY [olga@bayley-sage.co.uk]
Date: 12 January 2016 at 10:55
Subject: Copy of our CREDIT NOTE number 00000962064
This message contains 1 pages in Microsoft Word format.
From: fernando derossi fernandderossi59@gmail.comThe email links to a website at www.ahrrpc.8k.com which set off all sorts of alarms on my virus scanner, but I think it is just an ad-laden free web hosting site, and purports to be from the African Human Right and Refugees Protection Council (AHRRPC).
To: fernandderossi59@gmail.com
Date: 1 February 2014 13:22
Subject: URGENT FOOD STUFF SUPPLY NEED FOR REFUGEES
Signed by: gmail.com
Dear Sir:
My company has been mandated to look for a company capable of
supplying food stuffs product listed bellow by the AFRICAN HUMAN
RIGHT AND REFUGEES PROTECTION COUNCIL (AHRRPC) for assisting of the
refugee within the war affected countries IN middle east and Africa
like MALI,SYRIA, SOMALIA, CENTRAL AFRICA, and SOUTH SUDAN, which after
going through your company's profile, have decided to know if your
company is interested.
Below are the list of food Stuffs and the targeted value
needed by (AHRRPC)
1. Rice
2. Beans
3. Milk powder
4. Sugar
5. Vegetable Oil
6. Used Cloths
7. Wheat Flour
8. White corn meal
9. Corn Cooking oil
10. Cumin seed oil
11. Ground nut
12. Sage Oil
13. Soya bean oil
14. Palm oil
15. Fresh Vegetables
16. Fresh fruits
17. Cocoa powder.
We will be happy to work with you company only as representing agent
to secure an allocation for your company while in return your company
will give us comission as soon as your receive your contract value. We
will give you more details about the contract when we recieve your
reply.
Regards,
Mr.Fernando Derossi
AHRRPC AGENT
Website:www.ahrrpc.8k.com
Bamako-Mali in West Africa.
