A 'huge batch' of fake MYOB invoices is spreading malware

A large number of emails pretending to be invoices generated out of MYOB — but actually containing links to dangerous malware — reportedly started circulating on Monday.

The emails, which were sent out at a rate of “thousands per minute” Monday morning, contain invoices with different company names and supposed debts between $6,300 and $6,400 — but all demand immediate payment, according to email security firm Mailguard.

Mailguard chief executive Craig McDonald said that the varied company names and invoice amounts were deliberately designed to dodge antivirus software.

“Adding to the likelihood that some recipients will fall for the scam, the well-formatted fraud email looks like a legitimate invoice from a company using MYOB software. It includes links to the real MYOB website,” said McDonald.

Once the curious victim clicks on the ‘view invoice’ link, a Trojan virus is downloaded onto the user’s computer.

Email containing fake MYOB invoice. (Source: Mailguard)

“When executed, the JavaScript payload file installs itself to autorun at Windows startup and attempts to steal private information from internet browsers,” said McDonald.

The best way to check an invoice email for authenticity is to observe the domain name of the sender – the part after the “@” symbol. Today’s attacks came from the recently registered domain myob-australia.com, rather than the authentic myob.com.

MYOB released a statement that all legitimate emails would only come from [email protected] or [email protected] addresses for its small business products. The software provider added that hyperlinks to external sites always begin with links.apps.myob.com.
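The sender-domain and link-host checks described above, as an added example that is not code from the article, Mailguard or MYOB. The sample messages, the address local parts and the `.example`/`.invalid` hosts are constructed; the check compares parsed hostnames rather than URL prefixes, so a host that merely begins with `links.apps.myob.com` still fails.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

LEGIT_DOMAIN = "myob.com"  # authentic domain named in the article

def under(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)

def text_parts(msg):
    """Yield the decoded text/* bodies of a (possibly multipart) message."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            yield raw.decode(part.get_content_charset() or "utf-8", "replace")

def check_invoice_email(raw_email):
    """Return a list of findings; an empty list means both checks passed."""
    msg = message_from_string(raw_email)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()
    if not under(domain, LEGIT_DOMAIN):
        findings.append(f"sender domain {domain!r} is not {LEGIT_DOMAIN}")
    for body in text_parts(msg):
        for url in re.findall(r'href=["\']([^"\']+)', body, re.I):
            host = (urlsplit(url).hostname or "").lower()
            # Compare the parsed hostname, never a string prefix of the URL.
            if not under(host, LEGIT_DOMAIN):
                findings.append(f"link host {host!r} is outside {LEGIT_DOMAIN}")
    return findings

# Constructed samples (only myob-australia.com and the myob.com hosts are from the article).
FAKE = (
    "From: Accounts <billing@myob-australia.com>\n"
    "Subject: Invoice due\n"
    "Content-Type: text/html\n\n"
    '<a href="https://www.myob.com/au">MYOB</a> '
    '<a href="http://invoice-host.example/view">View invoice</a> '
    '<a href="https://links.apps.myob.com.invalid/x">Help</a>\n'
)
GENUINE = (
    "From: placeholder@myob.com\n"
    "Content-Type: text/html\n\n"
    '<a href="https://links.apps.myob.com/invoice/123">View invoice</a>\n'
)
```

Passing these checks does not prove a message is genuine, since a From header can be forged; treat a failure as a strong signal and a pass as one input among several.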

“We’re always disappointed to hear when people are impacted by these scams. It’s important that people stay alert and safe online,” said MYOB industry solutions general manager Andrew Birch.

“If people are concerned, they should either visit MYOB’s community pages or get in touch with our contact centres to check the validity of any unrecognised communications.”

Mailguard’s McDonald said that even with malicious emails circulating, robust formal payment processes would ensure any dodgy invoices would not be paid.

“If in doubt, ring the apparent sender. If they’re not available, wait until they are. An enormous transfer is better to arrive later than to be lost without a trace to an overseas cybercriminal,” he said.

“Implement scam-proof approvals processes for financial transfers such as two-factor authentication, which requires two employees to sign off on wire transfers.”

The security company advised businesses to train staff on what fraudulent emails look like and to deploy artificial intelligence-based threat detection software on email systems.
