Warning – watch out for fake (spam / phishing) emails pretending to be from MYOB

UPDATE:

MYOB uses Docusign for generating supplier orders for our Practice Solution software. If you are not expecting one, please do not click on the link. If in any doubt about the source of the email, please contact your Partner Manager for clarification.

We use GlobalSign for the signing of our documents. When documents are sent using GlobalSign the sender will most likely be your MYOB accountant and not directly from MYOB.

Hi all,

A new MYOB phishing email pretending to be from MYOB employees has been reported. Instead of using a impersonated MYOB invoice, the attackers are using a Docusign request that at first glance appears to be sent from someone at MYOB.

The subject line on all the messages we've seen so far has been “Your MYOB Supply Order”. Here’s what one of the messages would look like:

If you receive one of these, please forward a copy to securityteam@myob.com. We request you to please follow the tips in the original post to protect yourself against fraudulent emails. 

Hi everyone,

Our Security team have received recent reports of a phishing campaign that is targeting MYOB clients and non-clients with MYOB branded emails.

These emails are using MYOB’s invoice template and contain an attachment that appears to be malicious. 

So far we've found that the emails are being sent from random addresses using Optus email service. 

Below is an example of one such fake email:

We urge you to please follow the tips in our original post, to protect yourself against fraudulent emails. 

If you're unsure whether an email message from MYOB is genuine or if you’d like further clarification, please forward a copy of the email to securityteam@myob.com or reach out to us via this forum, by starting a new post.  

Hi all,

We’ve recently been made aware of two phishing campaigns where emails and SMS are being sent impersonating MYOB invoices!

1) Emails are being sent impersonating MYOB invoices, with the intent of infecting victims with the DanaBot trojan (banking trojan).

While we have not had any direct reports of such emails from our client base, we urge that you read the following links for information on what to look out for:

• https://threatpost.com/danabot-trojan-targets-bank-customers-in-phishing-scam/133994/
• https://www.trustwave.com/Resources/SpiderLabs-Blog/DanaBot-Riding-Fake-MYOB-Invoice-Emails/?page=1&year=0&month=0&LangType=1033

2) SMS sent to MYOB clients with a link of an invoice that is to be paid, where it is hoped the client will enter their userid and password for capture. 

Below is a copy of one such message:

Note:  MYOB does not send SMS with links to invoices for payment.

Tips to protect against fraudulent emails:

• Only open emails from email addresses that you trust. Legitimate invoices from MYOB small business products will only come from accountright@apps.myob.comor noreply@apps.myob.com
• Check that links are valid before clicking on them. Links from genuine MYOB emails to external sites will always start with apps.myob.com.
• Ask yourself if you expected to receive the email.
• Check it against previous emails from the same company. Does the email address, design and style of writing match what you usually receive?
• Use common sense. If you’re not sure, use an external method of communication (such as a phone number from the company’s website) to contact the company that sent the email.

Please follow the tips to protect yourself against fraudulent emails. And if you receive any suspicious emails, please forward a copy to securityteam@myob.com.

Hi everyone,

We've recenly been made aware of a phishing campaign from 2^nd October 2018, which involves emails being sent impersonating MYOB invoices, with the intent of infecting victims with a malicious file. 

Here's an example of one such fake email:

Our Security team is actively working with authorities to block the websites in question.

If you receive one of these, please forward a copy to securityteam@myob.com. And request you to please follow the tips in the original post to protect yourself against fraudulent emails. 

Hi everyone, 

Our security team have observed a new phishing email campaign that is targeting our clients and are investigating the root cause and taking necessary actions. 

Details of the phishing email:

Phishing email from Cote D'Azur Pty Ltd a.vasseur@cotedazurfrance.fr

Subject Receipt for payment to Cote D'Azur Pty Ltd

The email shows a receipt which appears to be from MYOB but is  in fact not from MYOB

If you receive any such emails, please Do not click on the links in email!

We request you to please follow the tips in our original post, to protect yourself against fraudulent emails. 

If you're unsure whether an email message from MYOB is genuine or if you’d like further clarification, please forward a copy of the email to securityteam@myob.com or reach out to us via this forum, by starting a new post.  

Hi Everyone

We have been made aware of a new phishing email referring to reversed invoice payments.

A copy of the phishing email will typically look like the following. 


We urge you to please follow the tips in our original post, to protect yourself against fraudulent emails. 

Hi Everyone

We have been made aware of a new phishing email referring to outstanding invoices with MYOB.

A copy of the phishing email will typically look like the following. 

The email addresses we are seeing the above emails coming from are:

support@myobapp.com
noreply@myobessentialbusiness.com
support@my0bapp.com

myob@amypearsondesign.com

We urge you to please follow the tips in our original post, to protect yourself against fraudulent emails.