Beware fake Microsoft Dynamics invoices

By on
Beware fake Microsoft Dynamics invoices

The latest scam email campaign reported by MailGuard may steal your Microsoft login details.

Email security provider MailGuard has warned of a phishing campaign of fake emails purporting to link to a Microsoft Dynamics invoice.

The scam is designed to steal victims’ Microsoft login credentials – which could potentially give the perpetrators access to any Microsoft service connected to the account, possibly including Outlook emails, Office 365 documents and OneDrive files.

Thankfully, the fake email is “not very well designed”, according to MailGuard, and the sender’s email address uses the domain, which has nothing to do with Microsoft.

The fake sign-in page (image from MailGuard)

That said, the email uses the Microsoft Dynamics brand and could catch out inexperienced users or those not paying close attention. And clicking the link in the email takes the user to a fake login page that looks like a Microsoft sign-in page.

Protection tips

Fake emails that masquerade as trusted brands are now a very common trick used by scammers. They’re often quite realistic, so it’s advisable to take measures to protect your devices and your business:

  • Be vigilant when checking emails and look for signs of fakes. One potential clue is that the email doesn’t address you by name, but instead has a generic salutation such as “Dear Customer”.
  • Similarly, check who’s sending you the email. Scam emails and spam often come from odd email addresses, though be aware that legitimate email addresses can be forged. So avoid messages that fail this ‘sniff test’, but don't assume that you can trust all emails that pass it.
  • Only click links from trusted senders. You can check links by hovering your mouse over them, revealing the destination in your browser. Again it’s not perfect, because many organisations use email distribution services that replace the actual links for tracking purposes.
  • Never open an attachment that is a .zip file or .exe file unless you are expecting it. We’d go even further, and suggest that all unexpected attachments be avoided, because there are ways of embedding malicious code into other types of file.
  • As always, security software can help protect your system against malware, though not necessarily against all email scams. For businesses, email security services such as MailGuard specialise in detecting spam and malicious email, and preventing them from reaching your inboxes.

MailGuard regularly reports malicious campaigns masquerading as trusted brands, such as the ATO, ASIC, Telstra, CPA Australia, EnergyAustralia, Xero, MYOB, Commonwealth Bank, Netflix, Amazon and many more.

Here are some previous reports from earlier this year.

Bogus Westpac and MYOB emails

12 February 2018: MailGuard has warned of two new email scam campaigns, with one purporting to be from Westpac and the other masquerading as an MYOB invoice.

The aim of the fake invoice is to trick users into downloading and executing JavaScript malware, while the bogus Westpac emails are designed to steal customers’ online banking login details and personal information.

The fake MYOB email is well written and formatted, and appears to come from a genuine email account from a company called Craftedeals. It’s not clear whether the sending email account has just merely been spoofed (something that's trivially easy to do), or if that account has been compromised.

One of the fake Westpac emails (image from Mailguard)

As we’ve pointed out previously (see below), scam emails often come from odd email addresses, and that’s the case with fake Westpac emails from the domain and the associated phishing site using

According to the real Westpac site, “Westpac will never ask you to update, verify or correct any Online Banking details directly into an email reply.” 

Fake Suncorp 'wire transfer notification'

29 January 2018: MailGuard has warned of a scam campaign with fake emails purporting to be a Suncorp Bank wire transfer notification.  

The hoax email features the Suncorp Bank logo, but clicking on the ‘Wire transfer details’ link triggers a download of a .zip file containing malicious JavaScript code, according to MailGuard.

An example of the fake email (image courtesy of Mailguard)

There are tell-tale signs that this email is a scam, with poorly written text and the sender’s email address unrelated to Suncorp. However, other email scams are often more realistic, so you (and your staff) need to be prepared. 

Fake MYOB ‘invoices’

24 January 2018: MailGuard has warned of a scam campaign with fake emails purporting to be an MYOB invoice notification.

This hoax email is quite well written and formatted, featuring the MYOB logo and a “View invoice” button. But clicking on that button triggers a nasty surprise: it downloads a .zip file containing JavaScript malware, according to MailGuard.

One of the fake emails (image courtesy of Mailguard)

The campaign closely follows a similar email campaign ‘brand-jacking’ Telstra.

Fake ATO emails

18 January 2018: A campaign of fake emails is purporting to come from the “Revenue Collection Agency” and feature the Australian Taxation Office brand and the Commonwealth Coat of Arms, according to MailGuard.

The fake emails ask recipients to complete a linked “tax form”, but the file is actually a .zip archive containing an unspecified variety of JavaScript malware.

As MailGuard pointed out, the ATO has told taxpayers that it won't (among other things) “send downloadable files or tell you to install software”. It’s not the first campaign of fake ATO emails either.

One of the fake emails (image courtesy of Mailguard)

These are just some of the many scam warnings from MailGuard that we have covered.

Copyright © BIT (Business IT). All rights reserved.

Most Read Articles

You must be a registered member of Business IT to post a comment.
| Register

Log In

Username / Email:
  |  Forgot your password?