Receive the latest mybusiness news
Copyright © 2020 MOMENTUMMEDIA

SMEs warned of accounting software scam

Adam Zuchetti
Adam Zuchetti
20 June 2018 2 minute readShare
email, scam, phishing,

Phishing emails have reportedly been sent to Australian businesses using accounting software, with business leaders warned to double check invoices and communications for legitimacy before taking any action.

On its website this week, Xero revealed that it had received complaints of scammers sending phishing emails that looked suspiciously like invoices from the accounting software provider.

These emails were sent to customers in different countries, and it is believed Australian customers are among those preyed upon.

Reckon has since revealed that while it has been the subject of similar phishing scams in the past, it has not been caught up in this latest round of attacks.

Reckon has had a couple of instances of customers subject to phishing attacks in the past, but their customers haven't reported one for at least 12 months,” a spokesperson told My Business.

MYOB said that “from time to time unfortunately these situations do occur”, but it did not suggest that any of its customers have reported being targeted in this instance either.

SMEs are renowned for being targets of ransomware and phishing scams, because of their willingness to pay to recover stolen data, and the ease with which busy business leaders and their teams can overlook dodgy emails.

Research in March this year suggested that as many as one in three email attacks successfully steal money, data or personal information from their intended victim.

“A big concern for businesses when a phishing attack occurs is ensuring that core platforms and services can continue without interruption if a primary service becomes unavailable as a result of the attack,” said Garrett O’Hara from cyber security firm Mimecast.

“In light of recent legislation changes, we're also seeing much more importance being placed on having data assurance - ensuring company and customer data is safe and easily recoverable.”

As has been noted in other phishing scams, Mr O’Hara said this particular incident involved a wide number of email addresses and individual names being used to send the bogus emails, in a bid to legitimise them as being from a big business.

“Email security can detect and protect against these types of emails getting into the network and block malicious links; however, users should always be checking that the domain they have received the email from matches the business content,” he said.

Mr O’Hara suggested that every email should be viewed through the lens of the following four questions:

  1. Is the email address of the sender valid, and does it make sense for the email received?
  2. What do your ‘spidey senses’ say? Is the email unexpected? Does it use an odd tone?
  3. If you hover over any links do they make sense (correct domain, etc)?
  4. Are you better off to double check with the security team first before clicking on a link or opening an attachment?

“Five minutes to ask could save a lot of time...and embarrassment,” Mr O’Hara concluded.



SMEs warned of accounting software scam
mybusiness logo
Adam Zuchetti
Adam Zuchetti

Adam Zuchetti is the former editor of MyBusiness and a senior freelance media professional, specialising in the fields of business, personal finance and property. In 2020, he also embarked on his own business journey – inspired in part by the entrepreneurs and founders he had met through his journalistic work – with the launch of customised pet gifting and subscription service Paws N’ All.

Leave a Comment

Latest poll

How satisfied are you with the SME measures in the federal budget?