Forum Discussion

Steven_M
Former Staff
8 years ago

Warning – watch out for fake (spam / phishing) emails pretending to be from MYOB

UPDATE: Please scroll down for new comments with important updates. 

 

Hi all,

 

We’ve learned that some clients have received emails containing fake invoices that direct people to a website where malware may be installed on their computer.


Here's an example of what one of these fake emails looks like.

Note that it was sent from one of the following email addresses or domains:

They will show a non-MYOB link when you hover over the link

 

Below is a copy of the known fraudulent links:



Here's what a real MYOB email looks like:

(Note that it was sent from AccountRight@apps.myob.com and hovering on the link shows that it starts with http://links.apps.myob.com )

 

 

We strongly recommend not clicking on links in messages that come from strange or unrecognised email addresses. We’d also like to remind people to ensure they have good anti-virus protection installed, make sure their software is up-to-date and they have firewalls in place.

 

We have alerted the relevant authorities about this scam and we are actively working with them to block the websites in question.

 

Here are some tips to protect yourself against fraudulent emails:

  • Only open emails from email addresses that you trust. Legitimate invoices from MYOB small business products will only come from accountright@apps.myob.com or noreply@apps.myob.com
  • Check that any links are valid before clicking on them. Links from genuine MYOB emails to external sites will always start with links.apps.myob.com.
  • Ask yourself if you expected to receive the email.
  • Check it against previous emails from the same company. Does the email address, design and style of writing match what you usually receive?
  • Use common sense. If you’re not sure, use an external method of communication (such as a phone number from the company’s website) to contact the company that sent the email.

 If you are unsure whether an email message from MYOB is genuine or if you’d like further clarification, you’re welcome to post on the MYOB Community Forum.
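The sender and link checks from the tips above can be automated. The following is an added example, not MYOB's code or part of the original post: it parses a message, compares the From address and every link host against the values given in the post, and compares the whole parsed hostname rather than testing what the link "starts with". The function names and sample messages are constructed for illustration, and example.net / example.org are placeholder domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Allow-list values taken from the post above.
TRUSTED_SENDERS = {"accountright@apps.myob.com", "noreply@apps.myob.com"}
TRUSTED_LINK_HOST = "links.apps.myob.com"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def link_hosts(body):
    """Return the lower-cased hostname of every http(s) URL in body."""
    hosts = [urlsplit(u).hostname for u in URL_RE.findall(body)]
    return [h.lower().rstrip(".") for h in hosts if h]

def check_message(raw):
    """Return a list of findings; an empty list means both checks passed."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    if addr.lower() not in TRUSTED_SENDERS:
        findings.append(f"sender not on allow-list: {addr or '(missing)'}")
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""  # single-part text only
    for host in link_hosts(body):
        # Compare the whole parsed hostname. A "starts with" string test
        # would accept links.apps.myob.com.example.net and userinfo tricks.
        if host != TRUSTED_LINK_HOST:
            findings.append(f"link host not trusted: {host}")
    return findings

# Constructed sample messages (not real mail); example.net/.org are placeholders.
GENUINE = ("From: MYOB <AccountRight@apps.myob.com>\nSubject: Invoice\n\n"
           "View your invoice: http://links.apps.myob.com/inv/123\n")
FORGED_FROM = ("From: MYOB <AccountRight@apps.myob.com>\nSubject: Invoice\n\n"
               "View: http://links.apps.myob.com.example.net/invoice\n")
LOOKALIKE = ("From: MYOB <support@my0bapp.com>\nSubject: Outstanding invoice\n\n"
             "Pay now: http://links.apps.myob.com@example.org/pay\n")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("forged", FORGED_FROM),
                      ("lookalike", LOOKALIKE)]:
        print(name, check_message(raw))
```

The From header is set by whoever sends the message, so the link check runs regardless of whether the sender check passes.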

  • Hi Everyone


    We have been made aware of a new phishing email referring to outstanding invoices with MYOB.

    A copy of the phishing email will typically look like the following. 


    The email addresses we are seeing the above emails coming from are:

    support@myobapp.com
    noreply@myobessentialbusiness.com
    support@my0bapp.com

    myob@amypearsondesign.com

     

    We urge you to please follow the tips in our original post, to protect yourself against fraudulent emails. 

  • Hi Everyone


    We have been made aware of a new phishing email referring to reversed invoice payments.

    A copy of the phishing email will typically look like the following. 


    We urge you to please follow the tips in our original post, to protect yourself against fraudulent emails. 

    Suja_P
    Former Staff

    Hi everyone,

     

    Our Security team have received recent reports of a phishing campaign that is targeting MYOB clients and non-clients with MYOB branded emails.

     

    These emails are using MYOB’s invoice template and contain an attachment that appears to be malicious. 

     

    So far we've found that the emails are being sent from random addresses using Optus email service. 

     

    Below is an example of one such fake email:

     

     

    We urge you to please follow the tips in our original post, to protect yourself against fraudulent emails. 

     

    If you're unsure whether an email message from MYOB is genuine or if you’d like further clarification, please forward a copy of the email to securityteam@myob.com or reach out to us via this forum, by starting a new post.  

     

      Steven_M
      Former Staff

      Hi Everyone

      We have been made aware that some MYOB customers and non-MYOB Customers have received a phishing invoice email from the email address AccountRight@apps.myob.com. 

      A copy of the phishing invoice email will typically look like the following. 

       

      We urge you to please follow the tips in our original post, to protect yourself against fraudulent emails. 

       

      If you're unsure whether an email message from MYOB is genuine or if you’d like further clarification, please forward a copy of the email to securityteam@myob.com or reach out to us via this forum, by starting a new post.  

    Suja_P
    Former Staff

    Hi everyone, 

     

    Our security team have observed a new phishing email campaign that is targeting our clients and are investigating the root cause and taking necessary actions. 

     

    Details of the phishing email:

     

    Phishing email from: Cote D'Azur Pty Ltd a.vasseur@cotedazurfrance.fr

    Subject: Receipt for payment to Cote D'Azur Pty Ltd

     

    The email shows a receipt which appears to be from MYOB but is in fact not from MYOB.

     

    If you receive any such emails, please do not click on the links in the email!

     

    We request you to please follow the tips in our original post, to protect yourself against fraudulent emails. 

     

    If you're unsure whether an email message from MYOB is genuine or if you’d like further clarification, please forward a copy of the email to securityteam@myob.com or reach out to us via this forum, by starting a new post.  

     

     

    Suja_P
    Former Staff

    Hi everyone,

     

    We've recently been made aware of a phishing campaign from 2nd October 2018, which involves emails being sent impersonating MYOB invoices, with the intent of infecting victims with a malicious file. 

     

    Here's an example of one such fake email:

     

    Our Security team is actively working with authorities to block the websites in question.

     

    If you receive one of these, please forward a copy to securityteam@myob.com. And we request you to please follow the tips in the original post to protect yourself against fraudulent emails. 

    Suja_P
    Former Staff

    Hi all,

     

    We’ve recently been made aware of two phishing campaigns where emails and SMS are being sent impersonating MYOB invoices!

     

    1) Emails are being sent impersonating MYOB invoices, with the intent of infecting victims with the DanaBot trojan (banking trojan).

     

    While we have not had any direct reports of such emails from our client base, we urge that you read the following links for information on what to look out for:

     

     

    2) SMS sent to MYOB clients with a link of an invoice that is to be paid, where it is hoped the client will enter their userid and password for capture. 

     

    Below is a copy of one such message:

     

     

     

    Note:  MYOB does not send SMS with links to invoices for payment.

     

    Tips to protect against fraudulent emails:

     

    • Only open emails from email addresses that you trust. Legitimate invoices from MYOB small business products will only come from accountright@apps.myob.com or noreply@apps.myob.com
    • Check that links are valid before clicking on them. Links from genuine MYOB emails to external sites will always start with apps.myob.com.
    • Ask yourself if you expected to receive the email.
    • Check it against previous emails from the same company. Does the email address, design and style of writing match what you usually receive?
    • Use common sense. If you’re not sure, use an external method of communication (such as a phone number from the company’s website) to contact the company that sent the email.

    Please follow the tips to protect yourself against fraudulent emails. And if you receive any suspicious emails, please forward a copy to securityteam@myob.com.

    Suja_P
    Former Staff

    UPDATE:

    MYOB uses Docusign for generating supplier orders for our Practice Solution software. If you are not expecting one, please do not click on the link. If in any doubt about the source of the email, please contact your Partner Manager for clarification.

    We use GlobalSign for the signing of our documents. When documents are sent using GlobalSign the sender will most likely be your MYOB accountant and not directly from MYOB.

     

    Hi all,

     

    A new MYOB phishing email pretending to be from MYOB employees has been reported. Instead of using an impersonated MYOB invoice, the attackers are using a Docusign request that at first glance appears to be sent from someone at MYOB.

     

    The subject line on all the messages we've seen so far has been “Your MYOB Supply Order”. Here’s what one of the messages would look like:

     

     

    If you receive one of these, please forward a copy to securityteam@myob.com. We request you to please follow the tips in the original post to protect yourself against fraudulent emails.