Spam, Scam, thank you ma'am

We are starting to see an increase in malicious emails being sent, under the guise of “Outstanding Invoices.” At face value, these appear to be sent from legitimate accounting software providers including Xero, MYOB, and QBO.

These emails are nothing more than an attempt to get you to download malicious code so hackers can access your computers or networks, steal data (e.g. banking logins), lock your files (e.g. via cryptolocker), or undertake identity theft.

The emails often appear legitimate – identical to those from genuine suppliers. They're becoming more sophisticated, even using email marketing tools that mask “sent from” addresses.

What can you do to stay safe?

1. Ensure that you have the most up-to-date antivirus installed on your computer/network.
2. Enable two-factor authentication (2FA) where available. It adds an extra layer of security using tokens or SMS codes.
3. Educate your team not to open emails they weren’t expecting.
4. Pause and check before clicking on any email links, especially from unknown senders or generic greetings.
5. Never click links asking you to enter account numbers or passwords – reputable institutions won’t do this by email.
6. Watch for messages like “Outlook has prevented automatic download of some pictures” – often a red flag.
7. To confirm legitimacy, phone the business using contact details found via Google – not the ones in the suspicious email.
8. Report suspicious emails to Acorn – Australian Cybercrime Online Reporting Network.
9. Stay vigilant.

Here are some examples of recent scam emails.
** Note: It turns out that the email from @conkar.com.au is not in fact a scam. We traced it back to a client from 5+ years ago who had listed our email. We’ve since confirmed with their accounts team and provided feedback that future correspondence should include clearer sender identification.