ConnectWise Client download from invoice

My wife got this email regarding a large invoice. Clearly a scam, but curious as I am, when you click on the invoice, it downloads ConnectWiseControl.Client.exe, not something anyone should do, obviously. When I opened it in a Win 11 VM, it installed remote access software. Checking the processes, it was pegging the cpu and virtual HDD at 100%


---------- Forwarded Message ----------
From: Oaks Danner [email protected]
Subject: You Invoice has been paid #2281298
Date: Sat, 12 Nov 2022 06:02:39 -0800

Dear -,

A new invoice has been paid for your Mailjet by Sinch account is now available.

Invoice Number: 933056
Issue Date: 2022-11-12
Total: $2792.32

Please see the invoice attached.

You can also view your invoice in your control panel.

Download Invoice

Note : Your order will be confirmed whithin few hours and will be Shipped .
if you want to cancel this order,please download invoice and fill the cancellation immediately!

Thank you,


ConnectWise is insidious remote software. It runs as a permanent windows service (screen connect)
Scammers can connect any time w/o permission.
One needs to stop the screen Connect Windows service and disable it.
What is the scammer phone number?

There was no phone # in the email. I had opened it in a VM of Windows 11, so no harm done, just returned it to a previous snapshot and checked to make sure no services were running. I suspect it was used to steal computer resources for something, but don’t know.

1 Like

right. Scammer had the ability to login to your VM.