Scammers masquerading as MYOB and Xero

Well, the scammers are at it again, and they are targeting MYOB, Xero and other accounting software customers. The new trend is emails that look like an invoice or other payment request from your software provider.

New MYOB Scam

One of the new MYOB phishing emails we have seen pretends to be from MYOB employees. Instead of using an impersonated MYOB invoice, the attackers are using a DocuSign request that at first glance appears to be a document sent from someone at MYOB. Despite the appearance, the email is not from MYOB or DocuSign, and the links in the email do not lead to genuine sites or files; they most likely lead to various forms of malware or seek payments for bogus services.

The subject line on all the messages we’ve seen so far has been “Your MYOB Supply Order”. Here’s what one of the messages we received looks like:

[Image: MYOB phishing email]

New Xero Scam

The Xero attack was delivered at the same time as the MYOB scam, and masqueraded as an invoice for your Xero subscription sent from ‘Xero Billing Notifications’ with a subject that reads ‘Your Xero Invoice INV-1815584’ in the example below. Again, the link to ‘View your bill:’ leads to a malicious .ZIP payload.

If you receive one of these, we advise you to delete it ASAP and do not follow any links or open attachments.
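For anyone who filters mail for an office, the two traits described above (a vendor name in the sender or subject that does not match the sending domain, and a link that ends in a .ZIP file) can be checked automatically. The following is an added example, not code from MYOB, Xero or DocuSign; the vendor domain list, the sample messages and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the genuine vendors send from; confirm against your own mail.
BRAND_DOMAINS = {"myob": ("myob.com",), "xero": ("xero.com",),
                 "docusign": ("docusign.com", "docusign.net")}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def domain_matches(host, allowed):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_message(raw):
    """Return the reasons a raw RFC 5322 message resembles the lures described above."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    claimed = (display + " " + msg.get("Subject", "")).lower()
    findings = []
    # Brand named in the display name or subject, but the sending domain is not the brand's.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed and not domain_matches(sender_host, allowed):
            findings.append(f"claims {brand} but sent from {sender_host or 'unknown'}")
    # Links whose path ends in .zip, like the 'View your bill:' link.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in URL_RE.findall(text):
            parsed = urlparse(url.rstrip(".,)"))
            if parsed.path.lower().endswith(".zip"):
                findings.append(f"link to ZIP archive on {parsed.hostname}")
    return findings

# Constructed sample messages (hypothetical senders, addresses and URLs).
XERO_LURE = ('From: "Xero Billing Notifications" <billing@invoices-example.test>\n'
             "Subject: Your Xero Invoice INV-1815584\n\n"
             "View your bill: http://files.example.test/INV-1815584.zip\n")
MYOB_LURE = ('From: "Jane Example via DocuSign" <docs@mailer.example.test>\n'
             "Subject: Your MYOB Supply Order\n\n"
             "Review document: http://mailer.example.test/review\n")
GENUINE = ('From: "Xero" <billing@post.xero.com>\n'
           "Subject: Your Xero Invoice\n\nView your bill: https://www.xero.com/\n")

if __name__ == "__main__":
    for name, raw in (("xero", XERO_LURE), ("myob", MYOB_LURE), ("genuine", GENUINE)):
        print(name, check_message(raw))
```

Treat any finding as a reason to hold the message for a closer look rather than as proof of fraud, since a genuine document sent through a third-party service would also trip the sender check.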

Stay on the lookout for new strategies the scammers are using.
