Jaclyn McRae 19 September 2016 09:42:00 AEST 2 MIN READ

Accounting sector targeted in successive Trojan email attacks

 Accountants and bookkeepers have been the target of high-volume phishing attacks in the past week.

In each attack, cybercriminals sent out fake invoices bearing the logos of accounting software providers Xero, FreshBooks and Intuit QuickBooks.

The attacks were large in volume and, in some cases, varied and persistent. In each case, recipients were asked to click a link to view an outstanding invoice. Unfortunately, those curious enough to click the link played right into the cybercriminals’ hands.


In each case, the links directed users to a malicious download in the form of a JavaScript file bearing a Trojan. This has the potential to allow hackers easy access to a computer, and any valuable information it holds.

Why target accountants and bookkeepers?

It’s an increasingly popular tactic among scammers: leverage the good reputation of a known brand name to exploit victims.

Accountants, bookkeepers and finance professionals within businesses are an especially popular target of these scams.

Global cybercrime networks know that those individuals are the custodians of valuable financial credentials and sensitive employee data. Plus, they are regularly downloading attachment invoices and clicking through to links, so they’re a vulnerable and attractive target.

By simply amending account details on an invoice run, or within a pay run, attackers can yield hundreds of thousands of dollars with little prospect of being caught.

What do scammers want me to click a link?

The object of this type of phishing scam isn’t simply to get the victim to hand over money.

Scams of this nature are typically attempting to steal valuable data such as usernames and passwords or sensitive banking and financial information.

The danger of Trojans is the user may not realise their computer is housing malware. Meanwhile, the Trojan is working behind the scenes to take actions not authorised by the user, such as modifying, stealing, copying or even deleting data.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. 

Our benchmarking shows that MailGuard is consistently 2-48 hours ahead of the market in preventing new attacks.

Find more tips on identifying email scams by subscribing to MailGuard’s blog.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top