Malware targets users with fake MYOB invoices

By on
Malware targets users with fake MYOB invoices

A batch of malicious emails containing malware purporting to be from accountings software firm MYOB have been sent out in the thousands.

The fake emails contain an invoice telling victims they owe between $6300 and $6400 to MYOB due today, according to enterprise email security vendor MailGuard.

If users click the 'view invoice' link, they will be directed to a compromised SharePoint website hosting a Trojan in the form of a JavaScript file. Some versions also direct to a zip file containing a JavaScript payload. The JavaScript payload installs itself to autorun when starting up Windows and tries to steal private information from internet browsers.

The email also includes a link to the real MYOB website, making it more deceiving.

MailGuard said that thousands of emails were sent out within minutes that were sent from a newly registered domain myob-australia.com. Different company names and invoice amounts were sent in different iterations, likely in an attempt to dodge antivirus software.

To avoid falling victim to malware, MailGuard recommends users check that emails are from a legitimate address, be alert to strange sentence structure, never sidestep formal payment processes and implement scam-proof approval processes.

MYOB's general manager of industry solutions Andrew Birch told CRN that the company has issued warnings about the fake invoices.

“We strongly recommend not clicking on links in messages that come from strange or unrecognised email addresses. We’d also like to remind people to ensure they have good anti-virus protection installed, make sure their software is up-to-date and they have firewalls in place.

“We’re always disappointed to hear when people are impacted by these scams. It’s important that people stay alert and safe online. If people are concerned, they should either visit MYOB’s community pages or get in touch with our contact centres to check the validity of any unrecognised communications.”

Legitimate invoices from MYOB will be addressed from accountright@apps.myob.com or noreply@apps.myob.com addresses from its small business products.

A report from Beazley Breach Insights found that hacks and malware accounted for 40 percent of data breaches made against financial institutions last year, and 45 percent for the education sector. The report also found that the amount of ransomware attacks would double in 2017.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © CRN Australia. All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

Have you adopted agile methodologies?
Yes - And it made a big different improve productivity
Yes - But it's not made a big difference to productivity
No - But we're thinking of giving it a try
No – We’re happy with our current methods
No - Because it is a stupid idea and a fad
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?