There have been recent reports of phishing attacks being attempted on some accounting software users. If you are a user of such software, it is important that you take a moment to familiarise yourself with what is happening in order to protect yourself.
‘Phishing’ is when someone sends you an email or other communication that appears to come from a website or source that is familiar to you; it is designed to try and trick you into giving away your secret password, which can result in them taking control of your IT systems.
For example, you may be sent an email that says something like ‘your password has expired’ and gives you a link to a fake reset password page, where you enter and so divulge your current password. The email could be made to appear official and appear as if it is coming from MYOB or another vendor you know.
Alternatively, an attacker might send you a fake invoice as an attachment in the hope you open it, subsequently infecting your machine with a malicious virus.
These types of attacks are unfortunately very common across many of the sites you probably use. The way to avoid falling victim is to be on high alert for them and learn some of the tell-tale signs.
Here are some tips to get you started:
Legitimate providers will not send you an unsolicited email
The first thing to note is that MYOB will not send you an unsolicited email asking for your password or login details, nor an invoice as an email attachment. If you receive an email with either of these things (unless you have specifically requested one), then it could be a fake and you should not follow any links or open any attachments. This might be true of other web sites you use too.
Check the email address carefully
The next thing to do is to look at the email address from which the message has been sent. Sometimes the email address is made to look very similar to a web site you use, but it’s not quite the same. If the message didn’t come from an email address you know then treat it as suspicious. Email addresses can also be forged – so keep that in mind.
Double check the hyperlinks
After that, look at the hyperlinks that are present in the email text. Are they pointing to web sites that are known to you? Again, the link names might be very close to ones you know, but just a few characters different. If they are different, don’t follow them. Also be aware that an email can display one link address while the link actually points somewhere else. Some email systems show you the real link address if you hover your mouse over the link – that’s the one you should be looking at.
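The two link checks described above (a name that is a few characters off, and a displayed address that hides a different target) can be automated for an HTML email body. This is an added example, not part of the original article; the trusted domain, the sample email and all function names are constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"accounts.example"}  # assumption: the only domain you expect links to use
URL_LIKE = re.compile(r"(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?", re.I)
SAMPLE = """<a href="http://login.acc0unts.example/reset">www.accounts.example/reset</a>
<a href="https://www.accounts.example/account">https://www.accounts.example</a>
<a href="http://files.example.net/invoice">View invoice</a>"""  # constructed email body

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)
def looks_like_trusted(host):
    """True when the tail of the host is a near miss of a trusted domain."""
    tails = ((".".join(host.split(".")[-d.count(".") - 1:]), d) for d in TRUSTED)
    return any(SequenceMatcher(None, t, d).ratio() >= 0.8 for t, d in tails)

def check_links(html):
    """Return (href, reasons) for each link that deserves a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host, reasons = host_of(href), []
        if URL_LIKE.fullmatch(text) and host_of(text) != host:
            reasons.append("shown address differs from real target")
        if not is_trusted(host):
            reasons.append("lookalike domain" if looks_like_trusted(host) else "unknown domain")
        if reasons:
            findings.append((href, reasons))
    return findings
```

Calling check_links(SAMPLE) flags the first and third links and leaves the genuine one alone. The 0.8 similarity threshold is an illustrative choice, not a standard value.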
And lastly, you should make sure you have virus scanning and anti-spyware software installed on your machine and that it is always up to date.
There are many resources on the internet about phishing and other scams, and how to recognise them. Here is one from the Australian government.