Recently, I've been receiving messages like this:
The link is not malicious and is a real service that brings me here:
Firstly, I didn't order no flowers or orchids. There are a few things that we can extract from this 'Tax Invoice'. We can find this scammer's email here:
This domain doesn't have a website of any sort. I used the Whois service to identify this domain:
Within the invoice, we can also find some other interesting information:
I ran a check on these UEN numbers, and they are legit and from the Fu Luxe company. I just found it odd that they would bill me through XERO instead of doing an email to the company's finance team, or calling me directly.
exiftool doesn't reveal anything interesting about this PDF:
Take note of the date, because although the charges are '3 months overdue', this file was created on the same day that I received the message.
We can also take a look at the 'items' that I 'ordered':
I found it quite hilarious that their mathematics was correct.
I honestly cannot tell if this was an honest mistake, or if this was a scam. It's certainly shady, and being paranoid is a result of seeing all the scams around.
Turns out this might've been a legit person. Asked me if I was working at <LEGIT COMPANY NAME> and I said no, they said sorry.
Whoops. May or may not have replied with funny things.