Fake MYOB orders hit inboxes

By Stephen Withers on Oct 27, 2017 9:13AM
A security provider warns of widespread emails purportedly from the accounting provider that contain a malicious payload.

Email security provider MailGuard is warning of a “very large scale and ongoing” scam involving fake orders from accounting software vendor MYOB.

MailGuard describes the latest email scam as “very well formatted”, but there are several clues that should raise any recipient's suspicions.

The email purports to be a supply order from MYOB. That should put you on the alert if you don't already sell goods or services to MYOB.

If you do, the fact that you've never heard of the person purportedly sending the order should make you suspicious.

Finally, the From address doesn't match the purported sender's name, and it isn't in MYOB's or DocuSign's domains. The covering message asks the recipient to “review and electronically sign” the order, which is why DocuSign's name is used. The sample provided by MailGuard showed “Dale Cravatta Dale.Cravatta@myob.com” as the sender in the body, but the From header was “Dale Cravatta via DocuSign annahome@cftf.org.uk”.

It's very easy to spoof a From header, so presumably those behind the campaign deliberately chose to use randomly-selected email addresses to avoid alerting MYOB or DocuSign to the campaign. Large-scale campaigns usually result in a significant number of bouncebacks, which should be noticed by a company's email or security administrators, who hopefully would warn the public of the scam.
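The two clues described above (a brand named in the display text but a From address outside that brand's domains, and an address shown in the body that differs from the real sender) can be checked automatically. The following is an added example, not MailGuard's or MYOB's code; the brand-to-domain allow-list and the angle-bracket form of the header are assumptions for the example.

```python
import re

# Brands named in the lure, mapped to the sending domains they legitimately use.
# Constructed allow-list for this example; extend it with the brands your staff see.
BRAND_DOMAINS = {
    "myob": ("myob.com",),
    "docusign": ("docusign.com", "docusign.net"),
}

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def split_from(header: str) -> tuple[str, str]:
    """Split a From header into (display text, address), tolerating missing angle brackets."""
    bracketed = re.search(r"<([^<>]+)>", header)
    if bracketed:
        address = bracketed.group(1).strip()
    else:
        # No angle brackets (as in the quoted sample): the last address-like token is the sender.
        found = ADDR_RE.findall(header)
        address = found[-1] if found else ""
    display = header.replace(f"<{address}>", "").replace(address, "").strip(' "')
    return display, address.lower()


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def in_domains(domain: str, allowed) -> bool:
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def brand_mismatch_reasons(from_header: str, body_sender: str = "") -> list[str]:
    """Return reasons the From header looks like brand impersonation (empty list = no finding)."""
    display, address = split_from(from_header)
    domain = domain_of(address)
    reasons = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not in_domains(domain, allowed):
            reasons.append(f"display text names {brand} but sender domain is {domain or 'missing'}")
    # An address shown in the display text or in the body that differs from the real sender.
    for shown in ADDR_RE.findall(display) + ADDR_RE.findall(body_sender):
        if domain_of(shown) != domain:
            reasons.append(f"message shows {shown} but the From address is {address}")
    return reasons
```

Run against the sample quoted from MailGuard, the header "Dale Cravatta via DocuSign annahome@cftf.org.uk" with body sender "Dale.Cravatta@myob.com" produces two findings, while a header such as "DocuSign <dse@docusign.net>" produces none.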

If you are foolish enough to click the “Review Document” link, you get a zip file – not all zip files are evil, but you should treat them with suspicion – containing a malicious JavaScript file that downloads a further executable.

MailGuard did not describe the function of the latter file.

It seems to us that the risk here is perhaps not so much that someone really will believe that the message is genuine and intended for their organisation, but that some recipients won't be able to resist the temptation to peek into what appears to be someone else's business.

Either way, the potential damage is the same. So treat unexpected emails with suspicion, tell your staff to do the same, make sure your security software is up to date, and consider using an email filtering service such as MailGuard (which claims to be two to 48 hours ahead of the market in preventing fast-breaking attacks).

“Trusted financial services brands are a popular mask for cybercrime networks who particularly like to 'brandjack' those with a large number of users, increasing the likelihood that users will unwittingly click on a malicious link, or open a suspect file,” said MailGuard CEO Craig McDonald.

“These are sophisticated cybercrime networks who hone their approach, and continually optimise their campaigns like the most skilful of marketing professionals.”

Copyright © BIT (Business IT). All rights reserved.