by Stephen Withers | Apr 10, 2017
MailGuard has detected "a huge batch of malicious emails" purporting to come from MYOB, along with a malware-laden email posing as a receipt from payments processor eWay.
The bogus MYOB email claims to be an invoice that is due for payment. While the exact details vary, presumably in an attempt to evade mail filters, the fake invoices are generally for amounts between $6,300 and $6,400.
"Adding to the likelihood that some recipients will fall for the scam, the well-formatted fraud email looks like a legitimate invoice from a company using MYOB software. It includes links to the real MYOB website," said MailGuard CEO Craig McDonald.
An example of the fake MYOB invoice (source: MailGuard)
One clue that the emails are not above board is that they originate from the newly-registered domain myob-australia.com.
Update: MYOB said legitimate invoices from its small business products will only come from firstname.lastname@example.org or email@example.com addresses. In addition, links to external sites in genuine emails will always start with links.apps.myob.com.
“We strongly recommend not clicking on links in messages that come from strange or unrecognised email addresses,” said Andrew Birch, General Manager Industry Solutions at MYOB.
“We’d also like to remind people to ensure they have good anti-virus protection installed, make sure their software is up-to-date and they have firewalls in place.
“We’re always disappointed to hear when people are impacted by these scams. It’s important that people stay alert and safe online.
“If people are concerned, they should either visit MYOB’s community pages or get in touch with our contact centres to check the validity of any unrecognised communications.”
The fake eWay email includes a Word attachment containing a macro that downloads additional malware, according to MailGuard.
Signs that the email is not what it purports to be include:
- References to estoreway.info rather than eway.com.au.
- Overuse of capital letters and exclamation marks in the subject line.
- Unusual phrasing, suggesting the message was written by a non-native speaker.
- A password-protected attachment with the password revealed in the message body.
- The presence of a macro in the attachment.
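Several of these signs can be checked automatically from a message's headers and body text. The sketch below is an added example, not code from MailGuard, MYOB or eWay: the thresholds, the sample messages and the use of myob.com as a genuine sender domain are assumptions, and it does not inspect attachments for macros.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Brand keyword -> domains treated as genuine. eway.com.au and links.apps.myob.com
# are named in the article; myob.com as a sender domain is an assumption.
GENUINE = {"myob": ("myob.com",), "eway": ("eway.com.au",)}

def is_genuine(host, brand):
    return any(host == d or host.endswith("." + d) for d in GENUINE[brand])

def phishing_signs(msg):
    """Return a sorted list of warning signs found in an EmailMessage."""
    signs = set()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    hosts = {parseaddr(msg.get("From", ""))[1].rpartition("@")[2]}
    hosts |= {urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s<>]+", body)}
    for host in (h.lower() for h in hosts):
        if any(b in host and not is_genuine(host, b) for b in GENUINE):
            signs.add("lookalike-domain:" + host)  # brand name on a foreign domain
    subject = msg.get("Subject", "")
    letters = [c for c in subject if c.isalpha()]
    # Assumed thresholds: mostly upper-case letters, or two or more "!".
    shouting = letters and sum(c.isupper() for c in letters) / len(letters) > 0.6
    if shouting or subject.count("!") >= 2:
        signs.add("shouting-subject")
    if any(msg.iter_attachments()) and re.search(r"\bpassword\b", body, re.I):
        signs.add("password-in-body")  # attachment plus its password in the text
    return sorted(signs)

def build_sample(sender, subject, body, attachment=None):
    """Construct a test message (all sample values are made up)."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="msword", filename=attachment)
    return msg

FAKE = build_sample("billing@estoreway.info", "PAYMENT APPROVED!!!",
                    "Let us inform you that your payment successfully approved.\n"
                    "Password for the document: 1234\n", "receipt.doc")
REAL = build_sample("noreply@eway.com.au", "Your receipt",
                    "Details: https://www.eway.com.au/receipts\n")
```

Calling `phishing_signs(FAKE)` flags the lookalike domain, the shouting subject and the password in the body, while `phishing_signs(REAL)` returns an empty list.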
MailGuard did not reveal exactly what types of malware are being installed on victims' computers by this campaign.
The fake eWay Word document (source: MailGuard)
The company did give a general warning that the technique can be used to install keyloggers, which allow criminals to collect usernames and passwords that are especially valuable in the case of internet banking and similar services.
Three ways to help avoid falling for an email scam
So, here’s how you can minimise the chances of getting caught by one of these types of scams:
- Be sceptical about unexpected emails. For example, if you haven't recently paid for something via eWay, don't let your curiosity get the better of you. The same goes for shipping waybills and so on.
- Be extra suspicious if the message doesn't feel quite right (for example, "Let us inform you that your payment successfully approved").
- Be wary of attachments, especially if they are compressed, password-protected, or include macros.