
On Friday 1 August 2025, the Grand Ducal Police issued a warning about fraudulent emails involving fake invoices and reminders, noting that cybercriminals are using remote access software to commit fraud.
In recent months, the police have received several reports of a fraud scheme that primarily targets businesses, including large corporations but also small and medium-sized enterprises (SMEs).
The fraud typically starts with a reminder email sent from an already compromised email account. The message threatens the company with legal action and demands payment of an invoice. A PDF file is usually attached. However, to view the file, the user is asked to install an "Adobe Module".
The police warned that clicking the link in the PDF initiates the download of Remote Monitoring and Management (RMM) software, which silently grants the perpetrators full access to the victim's computer.
Once access is obtained, the perpetrators can retrieve the necessary passwords for the payment software used (e.g. MultiLine) and transfer large sums to various money mules.
The perpetrators then use the victim's email account to send out further scam emails. Since the messages come from a known sender, recipients are usually not suspicious and are more likely to fall for the same scam.
In one reported case, about 1,200 emails containing the malicious PDF and RMM link were sent from a single email account to other victims. Since large-scale transfers by companies are not uncommon, they do not necessarily raise immediate red flags with the banks.
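For mail administrators, the propagation pattern described above (one compromised account sending the same PDF to a large number of recipients) can be looked for in outbound mail logs. The following Python example is added here and is not part of the police warning; the log tuple format, the one-hour window, the threshold of 50 recipients and all addresses and hash labels are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # assumed look-back window
THRESHOLD = 50               # assumed limit of distinct recipients per window

def find_fanout(events, window=WINDOW, threshold=THRESHOLD):
    """events: (time, sender, recipient, attachment_hash or None) tuples.
    Returns {(sender, attachment_hash): peak distinct recipients in a window}
    for every pair that reached the threshold."""
    recent = defaultdict(deque)                     # key -> (time, recipient)
    counts = defaultdict(lambda: defaultdict(int))  # key -> recipient -> hits
    alerts = {}
    for ts, sender, rcpt, att in sorted(events, key=lambda e: e[0]):
        if att is None:          # only mails carrying an attachment matter
            continue
        key = (sender, att)
        queue, seen = recent[key], counts[key]
        queue.append((ts, rcpt))
        seen[rcpt] += 1
        # Drop deliveries that have slid out of the window.
        while ts - queue[0][0] > window:
            _, old = queue.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(seen))
    return alerts

def sample_events():
    """Constructed log data; addresses and hash labels are placeholders."""
    start = datetime(2025, 8, 1, 9, 0)
    events = []
    # One mailbox sends the same PDF to 1,200 recipients within 40 minutes.
    for i in range(1200):
        events.append((start + timedelta(seconds=2 * i), "accounts@victim.example",
                       f"contact{i}@partner.example", "pdf-hash-A"))
    # Ordinary use: one brochure to 60 recipients, one every two hours.
    for i in range(60):
        events.append((start + timedelta(hours=2 * i), "sales@victim.example",
                       f"client{i}@partner.example", "pdf-hash-B"))
    # Internal announcement without attachment: ignored.
    for i in range(200):
        events.append((start, "hr@victim.example", f"staff{i}@victim.example", None))
    return events

if __name__ == "__main__":
    for (sender, att), peak in find_fanout(sample_events()).items():
        print(f"ALERT {sender} sent {att} to {peak} recipients within {WINDOW}")
```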
To avoid falling victim to such scams, the police have issued the following recommendations:
- be cautious of emails with suspicious demands or requests for a quick response, even if they come from a known sender;
- remove your LuxTrust card from the reader when away for an extended time to prevent unauthorised transfers;
- always check whether the email is addressed to you personally and whether it contains errors or incorrect translations;
- if the origin of a message is unclear or in case of any doubts, contact the relevant organisation directly;
- never click on suspicious links or open suspicious attachments received by email;
- if you suspect you have clicked a malicious link, have your PC checked, as RMM software is not often detected by standard antivirus programmes;
- if suspicious software is detected, change all relevant passwords - especially your LuxTrust PIN - once your device has been scanned;
- check bank accounts and report any suspicious transactions directly to your bank;
- if you fall victim to such a scam, contact your bank.
The police urged anyone who has become a victim of fraud to contact a police station immediately and file an official complaint.