If you get an email message that seems to be from “MYOB” today, make sure it’s the genuine article and not a scam.
MailGuard has detected a major cyber-attack using fake MYOB branded messages - like the one in the screenshot above - that link to malware.
The “view invoice” link in the message points to a .doc file which is infected with hidden malware, which will infiltrate the victim’s computer automatically when it is opened.
The message in this scam is using randomly selected sender addresses to try and bypass detection, but all the sender URLs seem to belong to one of the following domains:
- casmai.com
- csgorc.com
- emarve.com
- spaarknotes.com
- vmartinsart.com
These are all newly registered domains created in China.
#ZERODAY #FASTBREAK We've blocked a HTML-formatted email #brandjacking @MYOB linking to a malicious word document. Display name is always a random company. More details to be published on the #MailGuard blog: https://t.co/Ebrz58C52K#EmailScam #Phishing #MailGuard #CyberCrime pic.twitter.com/RtsXcAIGs0
— MailGuard (@MailGuard) April 24, 2018
Brandjacking
This fake MYOB email is an example of brandjacking; a scam format where cybercriminals exploit well-known trademarks to hide the criminal intentions of their emails.
If your company’s email accounts aren’t protected, brandjacking emails are almost certainly being received by your staff. Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People are not machines; we are all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.
For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:
