Threat Alert:
MailGuard has detected a new scam email being sent out in large numbers this morning.
This message is designed to look like an invoice created with MYOB - see screenshot above.
The email subject is shown as ‘Invoice INV-04085 from DXJ Company’ and the body of the message advises the recipient that they have an outstanding invoice requiring payment.
The ‘sender’ address shown in the email messages is ‘noreply[at]sage-one[dot]net’
This domain - ‘sage-one[dot]net’ - was created on a Chinese domain registrar yesterday.
This is not a legitimate MYOB message. Clicking on the ‘view invoice’ link in this email will take the recipient to a zipped JavaScript file and invite them to download and open it. See screenshot below:
JavaScript files linked by scams of this type typically activate malware on victim’s computers. In this instance the JavaScript appears to be a 'dropper' - a type of malware which downloads spyware and viruses to a compromised computer without the victim's knowledge.
It is never a good idea to open a .zip file from a link in an email, because zipped folders are often used to disguise malware.
This is a large-scale scam, so please forward this warning to your network.
MailGuard has protected our clients from receiving this message in their inboxes, but many unprotected email accounts may be impacted today.
- Always hover your mouse over links within emails and check the domain they’re pointing to. If they look suspicious or unfamiliar don’t open them.
- 9 out of 10 cyber-attacks are delivered via email, so it's essential to have the best email filtering in place to protect your systems. For a few dollars per staff member per month, you can have the peace of mind of MailGuard's comprehensive cloud-based email and web filtering. You’ll significantly reduce the risk of zero-day (previously unknown) threats and stop new variants of malicious email from entering your network.
- Keep up to date on the latest scams by subscribing to MailGuard updates or follow us on social media. If you’re experiencing problems, you can speak to a cloud security specialist on 1300 30 44 30