Managed IT Services 101 – Think before you click

It is usually the managed IT services company that mops up after a security breach, and more often than not the breach originates from a user clicking on something that looked normal to click on.

Let’s take bogus MYOB emails as an example. Cyber criminals have attempted to impersonate accounting giant MYOB, putting at risk anyone curious enough to view the attachment. From what we have learnt, these emails are distributed in large batches, with different company names and different invoice amounts being used. The emails vary slightly in an attempt to slip past the security measures of managed IT services providers.

Although the content may differ, we have learnt that the fake invoice states that the recipient owes between $6,300 and $6,400 and that the amount is due today. Even to the untrained eye this should already be setting off alarm bells; however, some recipients will unfortunately fall for the scam because the email is well formatted and well laid out. The email will even include links to the real MYOB website.

 

MYOB Email Scam (Photo from Maillguard.com.au)


But one thing you should take note of is the domain the email is sent from: most, if not all, are being sent from myob-australia.com, which according to our research is a newly registered domain and definitely is not the official website. Those who click the link to ‘view invoice’ are directed to a compromised SharePoint website, which hosts a Trojan in the form of a JavaScript file. In some versions the link points to a zip file that encloses the JavaScript payload. When executed, the JavaScript payload installs itself to autorun at Windows startup and attempts to steal private information from internet browsers.

Managed IT services companies see these types of emails hit the inboxes of clients daily. Unfortunately some do get past the email filters, so in order to protect yourself from these types of scams it is essential to follow the steps below:

  • Check the sender, not only the name of the sender but also the domain and even the email headers. Anything out of the ordinary should set off alarm bells and the email should be left alone or moved to the junk folder.
  • Watch out for incorrect grammar or strange sentence structure, which suggests that the email is not genuine.
  • Never make payments using unconventional methods. If you have a standing order, stick to it; do not be pressured into making payments via an unknown payment portal because of the due date. It’s safer to send payments the formal way. If there are any persisting doubts, give the apparent sender a call to verify.
  • Implement two-factor authentication for logins. Even though the process may prolong the time and effort to access your account, we believe it is well worth it – better be safe than sorry.
  • Teach staff and friends about bogus emails, and have them do the same with others.
  • Ensure your email security is up to date and up to scratch – if your managed IT services company isn’t fully equipped to fend off cyber criminals, then you should definitely get in touch with us so we can discuss your options. Call us on 1300 768 779, email us at info@intellitek.com.au, fill out the web form, or have a Live Chat with us below.
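The first check in the list above (sender name, domain and headers) can be scripted. The following is an added example, not code from the original post; the allow-list entry `myob.com`, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: legitimate sending domains per brand; maintain this for your own suppliers.
OFFICIAL_DOMAINS = {"myob": {"myob.com"}}

# Constructed sample modelled on the scam described above (not a captured email).
SAMPLE = """\
From: MYOB Invoices <accounts@myob-australia.com>
Reply-To: billing@example.net
To: user@example.org
Subject: Invoice due today
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=myob-australia.com; dkim=none; dmarc=none

Please view your invoice.
"""

def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return addr.rsplit("@", 1)[-1].lower().strip() if "@" in addr else ""

def is_official(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw):
    """Return a list of warnings about the sender of a raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    findings = []
    # Brand named in the display name or domain, but the domain is not the brand's own.
    for brand, allowed in OFFICIAL_DOMAINS.items():
        mentioned = brand in display.lower() or brand in from_dom
        if mentioned and not is_official(from_dom, allowed):
            findings.append(f"brand '{brand}' used with unofficial domain {from_dom}")
    # Replies routed to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        findings.append(f"Reply-To domain {domain_of(reply)} differs from From domain")
    # Authentication verdicts recorded by the receiving mail server.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=pass" not in auth:
            findings.append(f"{mech} did not pass")
    return findings

if __name__ == "__main__":
    for finding in check_sender(SAMPLE):
        print("WARN:", finding)
```

In the constructed sample SPF passes, because whoever registers a lookalike domain can publish a valid SPF record for it; a pass only shows the mail came from that domain, not that the domain is the real supplier.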
