MYOB brandjacked in latest email scam

Posted by Daniel McShanag on 14 September 2018 12:28:32 AEST

 

Take a second look before viewing an online remittance purportedly issued by MYOB. The well-known accounting software company is being mimicked in a phishing scam currently circulating.

The scam was first identified and blocked by MailGuard on Thursday, with subsequent runs continuing into Friday.

With the subject line reading ‘Remittance Advice Confirmation’ the attack consists of a relatively simple HTML email carrying an authentic looking remittance that claims to be ‘Powered by MYOB.’

MYOB_140918-01

The email trades on the trusted reputation of the Australian software company – in an attempt to dupe people into clicking the link. It’s a common tactic used by cybercriminals.

Why are brand-impersonation scam emails so popular?

There are many factors. But in short, cybercriminals prefer to rely on the hard work of others.

By targeting popular brands, recipients are more likely to have a relationship with the company being impersonated. That’s an instant foot in the door. 

Here’s some more information on why online criminals hide behind trusted brands.

Why the risk extends beyond professionals who use MYOB

MYOB – and the companies that use this software – are innocent parties in this invoice scam.

But it’s not just direct customers at risk. Because the fraudulent email has been distributed so widely, it widens the net with regard to the number of people susceptible to the scam.

This presents a real risk – particularly for businesses that enable employees to check their personal email on work computers.

Details about the scam email

When you click on the view remittance link, you’ll be directed to a log-in page which is the point at which your credentials fall into the hands of the criminals behind the scam.

There are several versions of the log-in page used in this scam. Below are a couple of examples:

Screenshot from 2018-09-14 10-34-26

Screenshot from 2018-09-14 09-28-52

MailGuard detected a similar MYOB scam in June: https://www.mailguard.com.au/blog/new-myob-brandjacking-scam

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: expert@mailguard.com.au

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates

 

^ Back to Top

Topics: Phishing email scam Cybersecurity cybercrime myob

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all