Threat Management, Malware, Phishing, Threat Management

MYOB phishing campaign wants to mind your business

MailGuard researchers spotted a phishing campaign impersonating Australian payment solutions software firm MYOB in order to spread malware.

Researchers said at its peak on Sunday mid-morning, thousands of emails containing malicious attachments disguised as malicious invoices were being distributed per minute, according to a release.

Scammers tell victims they owe between $6300 and $6400, with the amount due today, in an email that looks like a legitimate invoice from a company using MYOB software. The phony emails even link to the real MYOB website and are sent from a newly registered myob-austrailia(dot)com domain to seem even more legitimate, researchers said.

Those who click on the malicious attachment are redirected to a compromised SharePoint website, which hosts a Trojan in the form of a JavaScript file while other versions point to a zip file which encloses the malicious Javascript payload.  

Researchers recommend users watch for strange sentence structure, or phrasing uncommon to the apparent sender, never sidestep formal processes for payments and call sender if in doubt, among other security best practices.

MYOB siad that they are always disappointed to hear when people are impacted by these type of scams and that should go to MYOB's community pages or contact on of their centers to check the validity of an invoice.

The company said "legitimate invoices will only come from [email protected] or [email protected] addresses from its small business products,"the company told SC Media. "In addition, in genuine emails links to external sites will always start with links.apps.myjob.com."

UPDATE: This story has been updated to include comments from MYOB. 


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.