Dodgy emails with fake MYOB invoices containing malware are spreading again

Photo: China Photos/Getty Images

Australian businesses have once again been targeted with fake invoices that look like they’re generated by accounting software MYOB.

Tech security firm Mailguard reported that a mass distribution of the dodgy emails seemed to start at 12:19pm on Tuesday, with more than 100 messages sent out per minute during the first hour.

“Tech team just told me this one is still going, and has picked up momentum. It’s now one of the largest-scale ones we’ve seen in the past 12 months,” said Mailguard chief executive Craig McDonald.

“[The email] looks realistic – it’s well formatted and contains MYOB branding.”

Once the curious user clicks on the link to the supposed invoice, a zip file that contains malware is downloaded. The malicious software then installs itself to run everytime Windows starts and steals private information keyed into internet browsers.

Fake MYOB invoice linking to malware. (Source: Mailguard)

Business users are advised to delete any messages sent from the email address “noreply (at)”. To avoid detection by antivirus software, the invoice itself is attributed to various legitimate businesses (without those companies knowing that their name has been used) such as Winchester O’Rourke Pty Ltd, Payless Loans Pty Ltd and Advantage Financials Pty Ltd.

The domain name for the sender email address and the malware host was registered in China, according to Mailguard.

A similar scam emerged back in April, which also used supposedly overdue invoices to entice users to download malware onto their computers.

Malware downloading from fake MYOB invoice email. (Source: Mailguard)

MYOB stated at the time that all legitimate emails would come from [email protected] or [email protected] addresses for its small business products and hyperlinks to external sites would always begin with

Mailguard’s McDonald said that these email scams with big-name branding like MYOB do trap many people.

“While you might know better than to click a grammatically-challenged email with an outdated logo, you’d be surprised by how many people take the bait,” he said.

“By targeting popular brands, recipients are more likely to a have relationship with the company being impersonated. That’s an instant foot in the door. More than 25% of all recipients open phishing emails, and a well-executed phishing landing page can yield a success rate as high as 45%, according to a study by Google and the University of California. How many marketers can claim a success rate as high as this?”

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.