Cyber-attack targets accounting software leader MYOB in new email invoice scam

Posted by Daniel McShanag on 17 October 2017 15:21:37 AEDT

In a cyber-attack that is still ongoing, cyber criminals are mimicking leading accounting software brand MYOB, delivering fake invoices to unsuspecting email recipients. The large-scale attack was first blocked by MailGuard early on Tuesday AEST.

The well formatted HTML email looks legitimate, and comes from a variety of different businesses, with a link to an MYOB invoice. The email claims that payment of the invoice is due shortly on 20 October.  


By clicking the link, unsuspecting users are directed to a compromised SharePoint (One Drive) site that hosts a malicious ZIP, which MailGuard suspects contains a Trojan downloader.  

Screen Shot 2017-10-17 at 1.56.59 pm.png

At the time of writing, no other vendors are detecting this scam as malicious.

Avoid being duped:

Be very suspicious of any emails that seem awry – either because of lack of customisations (e.g. a generic salutation), ill-timing or if you are not expecting correspondence or an invoice from a particular organization.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering to your business security. You’ll significantly reduce the risk of zero-day (previously unknown) threats and stop new variants of malicious email from entering your network.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Malware email scam Cybersecurity cybercrime Survivingcybercrime cybercrime statistics hoax email brandjacking Australian brands

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all