Bogus MYOB invoice links to malware in new scam

Posted by Emmanuel Marshall on 07 March 2018 15:33:23 AEDT


MailGuard has detected a new fake invoice scam today, ripping off MYOB branding.

This criminal-intent email attack is a typical example of the bogus notification type of scam. The message received by the victim is designed to look like a genuine invoice notification message, complete with MYOB trademark, but when the victim clicks on the ‘view invoice’ link they are delivered to a malware file instead.

There are a wide variety of ‘sender’ names and addresses associated with this attack, including:

  • bernadette.mckay@enlightenedmarketing.com
  • carolyn.cartwright@theroigroup.com
  • daniellenastov@ashrambookshop.com.au
  • dominic.miller@empowertotalhealth.com.au
  • emilym@mikedzellat.com
  • george.lekkas@tomthepom.com
  • lois.simpson@banoeli.com

These are probably email accounts that have been compromised by hackers and exploited to send out scam messages in bulk.

At the time of detection, MailGuard was the only cybersecurity vendor intercepting this scam. These messages will be landing in unprotected inboxes, so please exercise caution with any message purporting to be from MYOB today.

Verify that emails come from the companies they claim to, before opening them. If in doubt, contact the sender by phone to check the authenticity of communications.

 

Tell-tale signs of email scams:

  • Generic greetings, such as ‘dear customer’
  • A sense of urgency, e.g. “ensure your invoice is paid by the due date to avoid unnecessary fees”
  • Bad grammar or misuse of punctuation and poor-quality or distorted graphics (this attempt isn’t let down by bad grammar, making it more likely some people will take the bait)
  • An instruction to click a link to perform an action (hover over them to see where you’re really being directed)

 

Defend your inbox


Email-borne malware attacks can be enormously costly and destructive, and new scams are appearing every day. Don’t wait until it happens to your business; take action to protect your company from financial and reputational damage, now.

Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious email entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: 1300 30 44 30

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates

 

 

 

Topics: Malware Zero Day myob email scams Threat Update

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all