Jaclyn McRae 10 April 2017 13:35:06 AEST 2 MIN READ

Don’t click: Bogus MYOB invoice hides malware

 A huge batch of malicious emails designed to impersonate accounting giant MYOB is hitting inboxes this morning, posing a risk to those curious enough to view the attachment.

The email, delivered at a rate of thousands per minute, indicates that an invoice has been issued and requires payment.

Various iterations of the email have been sent across the morning, with different company names and invoice amounts being used. This is most likely an attempt to outrun antivirus software.

The fake invoice generally tells recipients they owe between $6300 and $6400, with the amount due today.

MYOB scam April1017MailGuard2.jpg

Adding to the likelihood that some recipients will fall for the scam, the well-formatted fraud email looks like a legitimate invoice from a company using MYOB software. It includes links to the real MYOB website.

But rather than being sent from MYOB, it’s delivered by the newly-registered domain myob-australia.com. 

Those who click the link to ‘view invoice’ are directed to a compromised SharePoint website, which hosts a Trojan in the form of a JavaScript file. In some versions the link points to a zip file which encloses the JavaScript payload.

When executed, the JavaScript payload file installs itself to autorun at Windows startup and attempts to steal private information from internet browsers.

How can I protect myself from these types of email scams?

  • Check who it was sent by. Examine the sender or reply-to address and check that it hasn’t been sent from a similar, but recently-registered domain such as mailguard.com instead of mailguard.com.au.
  • Be alert for strange sentence structure, or phrasing uncommon to the apparent sender
  • Never sidestep formal processes for payments. If in doubt, ring the apparent sender. If they’re not available, wait until they are. An enormous transfer is better to arrive later than to be lost without a trace to an overseas cybercriminal.
  • Implement scam-proof approvals processes for financial transfers such as two-factor authentication, which requires two employees to sign off on wire transfers
  • Education is imperative. Teach staff and employees what fraudulent emails look like. Here’s a good place to get started: Spot the scam.
  • Ensure your email security is up to scratch. A cloud-based, AI-based threat detection service such as MailGuard will protect your staff in real-time from targeted attacks, without the dangerous time-lag common with signature-based antivirus vendors.


Click here to download your free executive guide, Surviving the Rise of Cybercrime, by MailGuard CEO and founder Craig McDonald.


Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top