Take a second look before viewing an online remittance purportedly issued by MYOB. The well-known accounting software company is being mimicked in a phishing scam currently circulating.
The scam was first identified and blocked by MailGuard on Thursday, with subsequent runs continuing into Friday.
With the subject line ‘Remittance Advice Confirmation’, the attack consists of a relatively simple HTML email carrying an authentic-looking remittance that claims to be ‘Powered by MYOB.’
The email trades on the trusted reputation of the Australian software company in an attempt to dupe people into clicking the link. It’s a common tactic used by cybercriminals.
Why are brand-impersonation scam emails so popular?
There are many factors. But in short, cybercriminals prefer to rely on the hard work of others.
By targeting popular brands, recipients are more likely to have a relationship with the company being impersonated. That’s an instant foot in the door.
Here’s some more information on why online criminals hide behind trusted brands.
Why the risk extends beyond professionals who use MYOB
MYOB – and the companies that use this software – are innocent parties in this invoice scam.
But it’s not just direct customers at risk. Because the fraudulent email has been distributed so widely, many more people are susceptible to the scam.
This presents a real risk – particularly for businesses that enable employees to check their personal email on work computers.
Details about the scam email
When you click on the view remittance link, you’ll be directed to a log-in page. This is the point at which your credentials fall into the hands of the criminals behind the scam.
There are several versions of the log-in page used in this scam. Below are a couple of examples:
MailGuard detected a similar MYOB scam in June: https://www.mailguard.com.au/blog/new-myob-brandjacking-scam
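A mail-filter check for the pattern described above (the quoted subject line, a ‘Powered by MYOB’ claim, and a link that leaves the brand's own domain) is sketched below as an added example; it is not MailGuard's detection logic. It assumes `myob.com` is the only legitimate link domain; the function names and both sample messages are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAINS = {"myob.com"}                # assumption: the brand's real link domains
BRAND_CLAIM = "powered by myob"             # claim quoted in the article
SUBJECT = "remittance advice confirmation"  # subject line quoted in the article

class BodyScan(HTMLParser):  # collects link targets and visible text
    def __init__(self):
        super().__init__()
        self.hrefs, self.text = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]
    def handle_data(self, data):
        self.text.append(data)

def link_host(href):  # hostname of an http(s) link, else None
    try:
        parts = urlsplit(href.strip())
    except ValueError:
        return None
    return parts.hostname if parts.scheme in ("http", "https") else None

def is_brand_host(host):
    host = host.lower().rstrip(".")
    # Exact match or true subdomain only, so "myob.com.evil.example" fails.
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def assess(raw_message):
    """Return (verdict, off_brand_hosts) for one message given as a string."""
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    scan = BodyScan()
    scan.feed(body.get_content() if body else "")
    text = " ".join(" ".join(scan.text).split()).lower()  # collapse whitespace
    off_brand = [h for h in map(link_host, scan.hrefs)
                 if h and not is_brand_host(h)]
    if BRAND_CLAIM in text and off_brand:
        return "quarantine", off_brand
    if SUBJECT in str(msg["Subject"] or "").lower():
        return "review", off_brand
    return "pass", off_brand

# Constructed sample messages (not real campaign data).
PHISH = ("Subject: Remittance Advice Confirmation\nContent-Type: text/html\n\n"
         "<a href='https://myob.com.remit.example/login'>View remittance</a>"
         "<p>Powered by <b>MYOB</b></p>")
GENUINE = ("Subject: Your invoice\nContent-Type: text/html\n\n"
           "<a href='https://www.myob.com/au'>Open</a><p>Powered by MYOB</p>")
```

`assess(PHISH)` quarantines the message because the brand claim is paired with a look-alike host, while `assess(GENUINE)` passes it.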
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: firstname.lastname@example.org
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.