Another email scam posing as accounting software firm MYOB has begun hitting user's inboxes on Tuesday.
Email security vendor MailGuard said it was one of "the biggest scam email influxes" it has detected in the past 12 months.
The emails contain malicious invoices that purport to come from various companies and include the phrase ‘Powered by MYOB’ at the bottom of the message in an effort to convey legitimacy.
The emails come from noreply@financialaccountant.info but with several different display names. The ‘View invoice’ button links to a .ZIP archive file which contains a malicious JavaScript file.
The strain of malware steals private information from local internet browsers and installs itself for auto run at Windows startup. It also implements a process that significantly delays the analysis task.
MYOB chief operating officer Andrew Birch said: "MYOB takes this type of criminal activity very seriously and we make every effort to close down operations which seek to defraud our clients or other consumers by pretending to represent our brand."
Birch said MYOB has moved quickly to take the website down and whoever clicks on the link won't be affected.
"It’s important that people stay alert and consider their safety online. This includes checking the authenticity of invoices, and calling the vendor if in any doubt.
So far this year, several well-known Australian brands and organisations have been imitated by scammers, including MyGov, ASIC and Origin Energy.
This is the second time this year MYOB is caught in between a cyber scam. In April, cybercriminals used MYOB's brand to send out fake invoices telling victims they owe between $6300 and $6400.
MailGuard chief executive Craig McDonald said: "By targeting popular brands, recipients are more likely to have a relationship with the company being impersonated. That’s an instant foot in the door.
"But it’s not just direct customers at risk. Because the fraud email has been distributed so widely, and many innocent companies have had their name included as the invoice issuer, it widens the net with regard to the number of people susceptible to clicking the malicious link," he said.
In 2016, Australian businesses lost $1.7 million to hacking scams according to the ACCC.
The ACCC also said that so far this year Australians lost $260,000 to phishing scams alone.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
