Beware fake MYOB and eWay email scams

Beware fake MYOB and eWay email scams

Security provider MailGuard warns of two new malware-laden email scams doing the rounds.

MailGuard has detected "a huge batch of malicious emails" purporting to come from MYOB, along with a malware-laden email posing as a receipt from payments processor eWay.

The bogus MYOB email claims to be an invoice that is due for payment. While the exact details vary, presumably in an attempt to evade mail filters, the fake invoices are generally for amounts between $6,300 and $6,400.

"Adding to the likelihood that some recipients will fall for the scam, the well-formatted fraud email looks like a legitimate invoice from a company using MYOB software. It includes links to the real MYOB website," said MailGuard CEO Craig McDonald.

An example of the fake MYOB invoice (source: MailGuard)

One clue that the emails are not above board is that they originate from the newly-registered domain

Recipients can lose out even if they realise the invoice is bogus and decline to make the requested payment. The "view invoice" link in the email leads to a JavaScript payload that installs information-stealing malware. In some cases the link is to a zip archive file containing the JavaScript.

Update: MYOB said legitimate invoices will only come from or addresses from its small business products. In addition, in genuine emails links to external sites will always start with

“We strongly recommend not clicking on links in messages that come from strange or unrecognised email addresses,” said Andrew Birch, General Manager Industry Solutions at MYOB.

“We’d also like to remind people to ensure they have good anti-virus protection installed, make sure their software is up-to-date and they have firewalls in place.

“We’re always disappointed to hear when people are impacted by these scams. It’s important that people stay alert and safe online.

“If people are concerned, they should either visit MYOB’s community pages or get in touch with our contact centres to check the validity of any unrecognised communications.”

eWay scam

The fake eWay email includes a Word attachment containing a macro that downloads additional malware, according to MailGuard.

Signs that the email is not what it purports to be include:

  • References to rather than
  • Overuse of capital letters and exclamation marks in the subject line.
  • Unusual phrasing, suggesting the message was written by a non-native speaker.
  • A password-protected attachment with the password revealed in the message body.
  • The presence of a macro in the attachment.

MailGuard did not reveal exactly what types of malware are being installed on victims' computers by this campaign.

The fake eWay Word document (source: MailGuard)

The company did give a general warning that the technique can be used to install keyloggers, which allow criminals to collect usernames and passwords that are especially valuable in the case of internet banking and similar services.

Three ways to help avoid falling for an email scam

So, here’s how you can minimise the chances of getting caught by one of these types of scams:

  • Be sceptical about unexpected emails. For example, if you haven't recently paid for something via eWay, don't let your curiosity get the better of you. The same goes for shipping waybills and so on.
  • Be extra suspicious if the message doesn't feel quite right (for example, "Let us inform you that your payment successfully approved").
  • Be wary of attachments, especially if they are compressed, password-protected, or include macros.

Source: Copyright © BIT (Business IT). All rights reserved.

See more about:  email scam  |  mailguard  |  security
Sign up for our free newsletter
Get the latest business tech news, reviews and guides delivered to your inbox.

Latest Comments

Latest articles on iTnewsLatest iTnews Articles
GE fixing bug that could let hackers shut down power grid
27 Apr 2017
Hole allowed remote control.
British man gets two years in prison for DDoS tool sales
27 Apr 2017
Inspired Lizard Squad's LOIC.
Microsoft splits Win10 security, software updates
26 Apr 2017
Greater flexibility for when to install fixes.
Former Expedia IT worker gets 15 months jail for insider trading
26 Apr 2017
Sentenced in US for stealing confidential data.
Hyundai patches vulnerability in remote ignition app
26 Apr 2017
Determined thieves could have made off with cars.