Beware fake MYOB and eWay email scams

By on
Beware fake MYOB and eWay email scams

Security provider MailGuard warns of two new malware-laden email scams doing the rounds.

MailGuard has detected "a huge batch of malicious emails" purporting to come from MYOB, along with a malware-laden email posing as a receipt from payments processor eWay.

The bogus MYOB email claims to be an invoice that is due for payment. While the exact details vary, presumably in an attempt to evade mail filters, the fake invoices are generally for amounts between $6,300 and $6,400.

"Adding to the likelihood that some recipients will fall for the scam, the well-formatted fraud email looks like a legitimate invoice from a company using MYOB software. It includes links to the real MYOB website," said MailGuard CEO Craig McDonald.

An example of the fake MYOB invoice (source: MailGuard)

One clue that the emails are not above board is that they originate from the newly-registered domain

Recipients can lose out even if they realise the invoice is bogus and decline to make the requested payment. The "view invoice" link in the email leads to a JavaScript payload that installs information-stealing malware. In some cases the link is to a zip archive file containing the JavaScript.

Update: MYOB said legitimate invoices will only come from or addresses from its small business products. In addition, in genuine emails links to external sites will always start with

“We strongly recommend not clicking on links in messages that come from strange or unrecognised email addresses,” said Andrew Birch, General Manager Industry Solutions at MYOB.

“We’d also like to remind people to ensure they have good anti-virus protection installed, make sure their software is up-to-date and they have firewalls in place.

“We’re always disappointed to hear when people are impacted by these scams. It’s important that people stay alert and safe online.

“If people are concerned, they should either visit MYOB’s community pages or get in touch with our contact centres to check the validity of any unrecognised communications.”

eWay scam

The fake eWay email includes a Word attachment containing a macro that downloads additional malware, according to MailGuard.

Signs that the email is not what it purports to be include:

  • References to rather than
  • Overuse of capital letters and exclamation marks in the subject line.
  • Unusual phrasing, suggesting the message was written by a non-native speaker.
  • A password-protected attachment with the password revealed in the message body.
  • The presence of a macro in the attachment.

MailGuard did not reveal exactly what types of malware are being installed on victims' computers by this campaign.

The fake eWay Word document (source: MailGuard)

The company did give a general warning that the technique can be used to install keyloggers, which allow criminals to collect usernames and passwords that are especially valuable in the case of internet banking and similar services.

Three ways to help avoid falling for an email scam

So, here’s how you can minimise the chances of getting caught by one of these types of scams:

  • Be sceptical about unexpected emails. For example, if you haven't recently paid for something via eWay, don't let your curiosity get the better of you. The same goes for shipping waybills and so on.
  • Be extra suspicious if the message doesn't feel quite right (for example, "Let us inform you that your payment successfully approved").
  • Be wary of attachments, especially if they are compressed, password-protected, or include macros.
Copyright © BIT (Business IT). All rights reserved.

Most Read Articles


What would you like to see more of on BiT?
How To's
Photo Galleries
View poll archive

Log In

  |  Forgot your password?