Security Market Segment LS
Wednesday, 21 June 2017 12:41

MYOB hit by email scammers circulating fake invoices Featured

MYOB hit by email scammers circulating fake invoices Image courtesy of Stuart Miles at

Accounting software company MYOB was hit by scammers on Tuesday when emails purporting to come from the company were distributed with fake invoices.

Security firm MailGuard detected the scam which started around midday yesterday and stopped later in the evening.

According to MailGuard, the scam escalated during the day yesterday and became one of the biggest scam email attacks detected by the company in the past 12 months.

A spokesman for MailGuard told iTWire that the emails were circulating intensively until just after 9 last night.

"Usually each variation of these scams are distributed for less than 24 hours – they’re usually useless when the fake domain gets taken down,” the spokesperson said.

The malicious invoices purported to come from various companies, and include ‘Powered by MYOB’ branding at the bottom of the message in an effort to convey legitimacy.

Mailguard explained that the scam email works by displaying a ‘view invoice’ button which links to a hosted .ZIP file containing malware, and that the domain was registered yesterday with a China-based registrar.

MailGuard says the sender display name varies but the displayed (and actual) sending address is noreply @ financialaccountant .info, and it warns that this type of malware:

•    Steals private information from local Internet browsers

•    Installs itself for autorun at Windows startup, and

•    Also implements a process that significantly delays the analysis task.

MailGuard said the email trades on the trusted reputation of the Australian software company – “and the innocent suppliers whose names are used in an attempt to dupe people into clicking the link”.

“It’s a common tactic used by cyber criminals,” the company said.

MailGuard says the risk posed by these type of email scams extend beyond professionals who use MYOB for invoicing.

“MYOB and the companies that use this software are innocent parties in this invoice scam.

“But it’s not just direct customers at risk. Because the fraud email has been distributed so widely, and many innocent companies have had their name included as the invoice issuer, it widens the net with regard to the number of people susceptible to clicking the malicious link.

“This presents a real risk – particularly for businesses that enable employees to check their personal email on work computers,” MailGuard says.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Peter Dinham

Peter Dinham is a co-founder of iTWire and a 35-year veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).



Recent Comments