Security firm MailGuard detected the scam which started around midday yesterday and stopped later in the evening.
According to MailGuard, the scam escalated during the day yesterday and became one of the biggest scam email attacks detected by the company in the past 12 months.
A spokesman for MailGuard told iTWire that the emails were circulating intensively until just after 9 last night.
The malicious invoices purported to come from various companies, and include ‘Powered by MYOB’ branding at the bottom of the message in an effort to convey legitimacy.
Mailguard explained that the scam email works by displaying a ‘view invoice’ button which links to a hosted .ZIP file containing malware, and that the domain was registered yesterday with a China-based registrar.
MailGuard says the sender display name varies but the displayed (and actual) sending address is noreply @ financialaccountant .info, and it warns that this type of malware:
• Steals private information from local Internet browsers
• Installs itself for autorun at Windows startup, and
• Also implements a process that significantly delays the analysis task.
MailGuard said the email trades on the trusted reputation of the Australian software company – “and the innocent suppliers whose names are used in an attempt to dupe people into clicking the link”.
“It’s a common tactic used by cyber criminals,” the company said.
MailGuard says the risk posed by these type of email scams extend beyond professionals who use MYOB for invoicing.
“MYOB and the companies that use this software are innocent parties in this invoice scam.
“But it’s not just direct customers at risk. Because the fraud email has been distributed so widely, and many innocent companies have had their name included as the invoice issuer, it widens the net with regard to the number of people susceptible to clicking the malicious link.
“This presents a real risk – particularly for businesses that enable employees to check their personal email on work computers,” MailGuard says.