A zip file with two different types of results? This is news to me

I’m catching up here on Mastodon while doing a show, and I’m finding something that I would not expect to see boosted by this particular person. But I saw it from them anyway. Thanks DJ Celrock for this one. You are valued here as I would’ve never seen this otherwise.

The boost that caught my attention said:

Celeste, AKA DJ Celrock!: Boosting Gynvael Coldwind (gynvael): Imagine the following situation: your company receives a ZIP file with an invoice, and you’re the person responsible for checking if all the details are correct, before sending it off to the payment department. You open the archive, and there’s a single PDF inside. You view it, and all the details match—your company’s details, the seller’s company’s details, items and total amount are what’s expected, and even the bank account number is the same as on previous invoices from this company. As everything looks good, you forward the ZIP with the invoice to the payment team, and move on to reviewing other incoming invoices.

A few days later you receive the same invoice again, but you already have it in the system. Just in case, you reach out to the payment department to ask whether it’s been paid, and they confirm it has—great, no action required.

Another month passes by, and you get a “payment due” reminder. What’s this? You remember it being paid already, so what gives? You ask the payment team, they again confirm the invoice was settled. You phone the seller about this, but they say they received nothing. So you head down the hall to the payment department, you open the invoice on your laptop, and start going through the details with them. But what’s this? The destination account number and amount in the wire transfer and the invoice don’t match! The payment team manager’s face gets a bit red—seems like it was their mistake? But no! They show you the invoice, and the amount and account number match the actual payment… but it doesn’t match what you see on your screen! How can this be?

Both of you re-download the ZIP archive from the email you’ve forwarded and open the PDF inside. And there it is—you see two different invoices. What in the world is happening?

Immediately you report it up the chain, and your boss’s boss gets a pair of IT forensics consultants on the job. They investigate, and later you learn that your company has been scammed with a pair of different invoices hidden inside a schizophrenic ZIP file. This means that you—on your work laptop running a certain software stack—saw and approved the correct invoice. But the payment team—running a different software stack—saw the fake invoice inside the ZIP, which they thought was what you had approved. Even later on you find out that the seller’s company has been partially compromised and a lot of their customers got fake invoices. But that’s water under the bridge at that point, and the money your company transferred is long gone.

Technical details: https://hackarcana.com/article/yet-another-zip-trick

This definitely caught my attention, and the article is titled Yet another ZIP trick. I’ve never seen this before, although from what they’re saying in this article, it’s possible I have.

I remember receiving resumes from people that I couldn’t even read, as Word or whatever program indicated that the file couldn’t be read. I don’t remember if those came in as zip files, but the discussion of what this is reminded me of that particular ordeal.

Luckily, a good number of unzipping tools detect the anomaly and won’t let you view the archive, but this is probably why you should ditch zip files now, given what they can do.
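The point that unzipping tools can detect the anomaly is worth making concrete. The script below is an added example written for this post; it is not code from the original post or from the hackarcana article, and it does not reproduce that article’s exact trick. It checks a ZIP for the general class of structures that let two readers disagree about what is inside: more than one end-of-central-directory record, data before or after the archive, duplicate entry names, and a central directory entry whose local header disagrees with it. The sample archives and their “invoice” contents are constructed in memory and are not real documents.

```python
# Added example: audit a ZIP for structures that different parsers may read
# differently. Not code from the post or the hackarcana article; samples are
# constructed in memory below.
import io
import struct
import warnings
import zipfile

LOCAL_SIG = b"PK\x03\x04"
CDIR_SIG = b"PK\x01\x02"
EOCD_SIG = b"PK\x05\x06"
EOCD_FMT = "<4sHHHHIIH"   # end-of-central-directory record, 22 bytes
CDIR_FMT = "<4s6H3I5H2I"  # central directory file header, 46 bytes
LOCAL_FMT = "<4s5H3I2H"   # local file header, 30 bytes


def find_all(data: bytes, sig: bytes) -> list:
    """Every offset at which a signature occurs."""
    hits, pos = [], data.find(sig)
    while pos != -1:
        hits.append(pos)
        pos = data.find(sig, pos + 1)
    return hits


def audit_zip(data: bytes) -> list:
    """Return human-readable findings; an empty list means nothing ambiguous."""
    findings = []
    eocds = find_all(data, EOCD_SIG)
    if not eocds:
        return ["no end-of-central-directory record"]
    if len(eocds) > 1:
        findings.append(f"{len(eocds)} EOCD signatures (readers may pick different ones)")
    eocd = eocds[-1]  # most readers scan backwards and use the last one
    if len(data) < eocd + 22:
        return findings + ["truncated EOCD record"]
    _, _, _, _, n_entries, cd_size, cd_offset, comment_len = struct.unpack(
        EOCD_FMT, data[eocd:eocd + 22])
    if len(data) > eocd + 22 + comment_len:
        findings.append("data after the EOCD record")
    # The directory really sits just before the EOCD; the stored offset only
    # agrees when nothing was prepended. Readers differ on which to trust.
    actual_cd = eocd - cd_size
    shift = actual_cd - cd_offset
    if shift:
        findings.append(f"central directory offset off by {shift} bytes (prepended data)")
    if actual_cd < 0:
        return findings + ["central directory larger than file"]
    seen, pos = set(), actual_cd
    for _ in range(n_entries):
        if len(data) < pos + 46 or data[pos:pos + 4] != CDIR_SIG:
            findings.append(f"bad central directory entry at {pos}")
            break
        f = struct.unpack(CDIR_FMT, data[pos:pos + 46])
        crc, csize, usize = f[7], f[8], f[9]
        name_len, extra_len, cmt_len, local_off = f[10], f[11], f[12], f[16]
        name = data[pos + 46:pos + 46 + name_len]
        if name in seen:
            findings.append(f"duplicate entry name {name!r} (tools differ on which copy wins)")
        seen.add(name)
        # Cross-check the local header that this directory entry points at.
        lpos = local_off + shift
        lhdr = data[lpos:lpos + 30] if lpos >= 0 else b""
        if len(lhdr) < 30 or lhdr[:4] != LOCAL_SIG:
            findings.append(f"entry {name!r}: no local header at {lpos}")
        else:
            lf = struct.unpack(LOCAL_FMT, lhdr)
            lname = data[lpos + 30:lpos + 30 + lf[9]]
            if lname != name:
                findings.append(f"entry {name!r}: local header calls it {lname!r}")
            # Flag bit 3 moves CRC/sizes to a trailing data descriptor, so
            # zeros in the local header are legitimate in that case.
            if not lf[2] & 0x8 and (lf[6], lf[7], lf[8]) != (crc, csize, usize):
                findings.append(f"entry {name!r}: local and central CRC/sizes disagree")
        pos += 46 + name_len + extra_len + cmt_len
    return findings


def build_zip(entries) -> bytes:
    """Build an in-memory archive; duplicate names are allowed on purpose."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns about duplicate names
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
            for name, content in entries:
                zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples; the "invoices" are just labelled byte strings.
CLEAN = build_zip([("invoice.pdf", b"%PDF-1.4 invoice, account 111")])
DUPLICATE = build_zip([("invoice.pdf", b"%PDF-1.4 invoice, account 111"),
                       ("invoice.pdf", b"%PDF-1.4 invoice, account 999")])
PREPENDED = b"junk" * 8 + CLEAN          # 32 bytes of leading junk
TRAILING = CLEAN + b"extra bytes here"  # payload stashed after the EOCD

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("duplicate", DUPLICATE),
                        ("prepended", PREPENDED), ("trailing", TRAILING)]:
        print(label, audit_zip(blob) or "OK")
```

Run as a script it prints OK for the clean archive and one finding for each constructed variant. At a mail gateway the sensible policy is to quarantine anything that returns a non-empty list rather than try to guess which copy the recipient’s software will display, since that guess is exactly what the scam relies on.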

I hope I don’t get this one now that I’m familiar with what this is.

These days I do my invoicing through my provider Freshbooks; PayPal and even Stripe have invoicing capabilities too.

If you do receive invoices, a plain PDF can still be sent as an attachment if necessary.

This is crazy!


One thought on “A zip file with two different types of results? This is news to me”

  1. Hi Jared.
    Which is why I rarely if ever send PDFs or zips via email.
    If I sent an invoice to you I would prefer a direct cloud link from my Dropbox with the file in it.
    I wouldn’t zip it, and I’d probably send it via doc format.
    If I did send a zip with a PDF in it it would be for records and I’d always write the thing out.
    Bar keeping our stuff updated I am unsure how we in general can combat this type of scam.
    Point is, it’s not as easy as saying no zips, attachments or PDFs.
    PDFs are web archives and are the standard for just about the entire net.
    All stuff scanned by scanners are PDFs in general.
    While Adobe Acrobat can access them, simple access is available in most browsers, Chromium stuff, even Mozilla branded browsers use bits of the Chromium engine so it’s all in the same trunk as it were.
    AI certainly was involved.
    We can assume something ran on the system.
    It wouldn’t be that complicated.
    Firstly if you hacked a company, and knew what each would see then you could show what was expected.
    The other thing may be part of the doc in another tab but you wouldn’t necessarily look there.
    As far as I know there is no crime in requesting OS versions, usernames, names and basic info for various purposes and legit software and other things need some of that to work even if in a secured environment.
    Anyway, there is that.
    Knowing this exists or could some scan would have to be done to catch this second invoice but who knows.
    For all we know it could simply download from another source and appear in the file.
    I wouldn’t be surprised if the PDF was a part of a larger PDF and would instantly open the other one in another location.
    Of course I rarely deal with the large PDFs and they can be archives of everything from pictures and music to other things.
    The easiest way would be to send a Word doc of the invoice and not do PDFs.
    Or write the invoice in the email or just send text files.
    But none of that is really practical especially in a large business.
    The only other way I guess you could do it is have all invoices uploaded to a central or non central cloud system and web portal.
    I have this for government stuff as well as some other stuff.
    Now that can be and has been hacked into but maybe even so it may be time to avoid email attachments completely.
    But then every system has its issues and such and this is another chink the bad guys found in our armour.
    They will find another recurring on and on and on till and maybe past the end of the universe and round and round she goes forever spiraling down and down and down.
    Thing is now we know about the hole and can mend it.
    It’s probably not even malware we just haven’t seen this way to break in.
    Sadly with AI this is going to be another trick to put onto the world.
    But then what is new.
    We have breaches on a daily cycle and they never stop.
