Jaclyn McRae 21 June 2017 13:11:45 AEST

MYOB brand hijacked again in malware scam

Australians have been urged to take a second look before viewing an online invoice purportedly issued by MYOB.

The well-known accounting software company is being mimicked in a malware scam currently circulating.

Distribution began this afternoon and quickly escalated to become one of the biggest scam email influxes detected by MailGuard in the past 12 months.

The malicious invoices purport to come from various companies, and include ‘Powered by MYOB’ branding at the bottom of the message in an effort to convey legitimacy.

[Screenshot: email "Invoice INV-P0655 from PAYLESS LOANS PTY LTD" shown in Mozilla Thunderbird]

[Screenshot: email "Invoice INV-P0259 from WINCHESTER O'ROURKE PTY LTD" shown in Mozilla Thunderbird]

The email trades on the trusted reputation of the Australian software company – and the innocent suppliers whose names are used in an attempt to dupe people into clicking the link. It’s a common tactic used by cybercriminals.

Why are brand-impersonation scam emails so popular?

There are many factors. But in short, cybercriminals prefer to rely on the hard work of others.

When criminals target popular brands, recipients are more likely to have a relationship with the company being impersonated. That’s an instant foot in the door.

Here’s some more information on why online criminals hide behind trusted brands.

Why the risk extends beyond professionals who use MYOB for invoicing

MYOB – and the companies that use this software – are innocent parties in this invoice scam.

But it’s not just direct customers at risk. Because the fraud email has been distributed so widely, and many innocent companies have had their name included as the invoice issuer, it widens the net with regard to the number of people susceptible to clicking the malicious link.

This presents a real risk – particularly for businesses that enable employees to check their personal email on work computers.

Details about the scam email

The ‘View invoice’ button links to a hosted .ZIP archive file which contains a malicious JavaScript file. The domain was registered yesterday with a China-based registrar.

The sender display name varies but the displayed (and actual) sending address is noreply @ financialaccountant .info

This type of malware:

  • Steals private information from local Internet browsers
  • Installs itself for autorun at Windows startup
  • Implements a process that significantly delays the analysis task
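
The traits described above (MYOB branding on mail from a non-MYOB sender, a link to a .ZIP file, a script file inside the archive) can be checked during mail triage. The following is an added example, not MailGuard's detection logic; the `myob.com` allow-list, the `files.example` link host and both samples are constructed assumptions.

```python
import io
import re
import zipfile
from email import message_from_string
from email.utils import parseaddr

SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf")  # run by Windows Script Host
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.I)

def triage_email(raw, brand="MYOB", brand_domains=("myob.com",)):
    """Return findings for one raw message; brand_domains is an assumed allow-list."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    body = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    on_brand = any(domain == d or domain.endswith("." + d) for d in brand_domains)
    findings = []
    # Branding in the body that the sending domain does not back up.
    if f"powered by {brand}".lower() in body.lower() and not on_brand:
        findings.append(f"brand-mismatch:{domain}")
    # "View invoice" style links that point straight at an archive.
    for url in HREF_RE.findall(body):
        if url.lower().split("?")[0].endswith(".zip"):
            findings.append(f"archive-link:{url}")
    return findings

def zip_script_members(data):
    """List script files inside a downloaded archive without extracting it."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]

# Constructed sample: sender address from the article, placeholder link host.
SAMPLE_EMAIL = (
    "From: PAYLESS LOANS PTY LTD <noreply@financialaccountant.info>\n"
    "Subject: Invoice INV-P0655 from PAYLESS LOANS PTY LTD\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<a href="http://files.example/INV-P0655.zip">View invoice</a>\n'
    "<p>Powered by MYOB</p>\n"
)

def sample_zip():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("INV-P0655.js", "// inert placeholder\n")  # constructed, harmless
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_email(SAMPLE_EMAIL), zip_script_members(sample_zip()))
```

An invoice archive whose only payload is a script file is a strong signal on its own, since a genuine invoice would be a document rather than code.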

MailGuard detected a similar scam in April: http://www.mailguard.com.au/blog/dont-click-bogus-myob-invoice-hides-malware.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.
