Accounting software company MYOB was hit by scammers on Tuesday when emails purporting to come from the company were distributed with fake invoices.
Security firm MailGuard detected the scam, which started around midday Wednesday and stopped later in the evening.
According to MailGuard, the scam escalated during the day yesterday and became one of the biggest scam email attacks detected by the company in the past 12 months.
A spokesman for MailGuard told iTWire that the emails were circulating intensively until just after 9pm Tuesday night.
“Usually each variation of these scams is distributed for less than 24 hours – they’re usually useless when the fake domain gets taken down,” the spokesperson said.
The malicious invoices purported to come from various companies and included ‘Powered by MYOB’ branding at the bottom of the message in an effort to convey legitimacy.
MailGuard explained that the scam email works by displaying a ‘view invoice’ button which links to a hosted .ZIP file containing malware, and that the domain was registered yesterday with a China-based registrar.
MailGuard says the sender display name varies, but the displayed (and actual) sending address is firstname.lastname@example.org. It warns that this type of malware:
Steals private information from local Internet browsers
Installs itself for autorun at Windows startup, and
Also implements a process that significantly delays the analysis task.
MailGuard said the email trades on the trusted reputation of the Australian software company – “and the innocent suppliers whose names are used in an attempt to dupe people into clicking the link”.
“It’s a common tactic used by cyber criminals,” the company said.
MailGuard says the risk posed by these types of email scams extends beyond professionals who use MYOB for invoicing.
“MYOB and the companies that use this software are innocent parties in this invoice scam.
“But it’s not just direct customers at risk. Because the fraud email has been distributed so widely, and many innocent companies have had their name included as the invoice issuer, it widens the net with regard to the number of people susceptible to clicking the malicious link.
“This presents a real risk – particularly for businesses that enable employees to check their personal email on work computers,” MailGuard says.