ESIB Pty Ltd email scam: fake invoices spreading malware

ESIB Pty Ltd email scam: fake invoices spreading malware

Insurances are some of the must-have things these days, no wonder people tend to take them seriously. Cybercriminals are clever enough to realize this. One group of black hats has gone as far as to impersonate ESIB, an Australian business insurance company, sending out phishing emails with rogue invoices.

What is the ESIB / MYOB email scam?

There are crudely tailored junk emails that most recipients, even those who aren’t very security-aware, will either ignore or send trash right away. There are also scam messages that instantly catch the user’s eye as something worthwhile. Unfortunately, online criminals have gotten proficient enough in social engineering to create trustworthy-looking email templates. This latter scenario applies to the ESIB email scam fully. The fraudsters in charge have been spamming Australian users with bogus invoices pretending to be from ESIB Pty Ltd (Eastern Suburb Insurance Brokers).

Scam email impersonating ESIB

The ESIB scam emails also feature references to MYOB, well-known accounting services firm headquartered in Australia. Because people and businesses trust said company as a reputable partner, chances are they get interested in the subject of the messages. The sender of the rogue emails displayed in the corresponding field is The subject line goes, “Invoice INVV02703 from ESIB Pty Ltd”, where the number may vary. The body of the message is as follows,

We’ve attached invoice INVV02703 for $790.00.

Payment is due by [specified date].

For your convenience we do accept payment by MasterCard or Visa with a 1.5% surcharge payable. Credit card payments can be made by calling the office between 7am and 3pm Monday to Friday. Thank you for your business and if you have any queries regarding your invoice, please do not hesitate to contact me direct.

Kind Regards,
Margot White
ESIB Pty Ltd
07 3802 0942

As you can see, the text is competently formatted and written, and there are no obvious giveaways. Furthermore, the bottom part of the email includes an inscription, “Powered by MYOB”, which adds some finishing strokes to the whole credible-looking hype. The only red flag goes up when you click on the link saying, “View full invoice details” or hit the “View invoice” button next to it. Doing so triggers a routine for downloading a ZIP file. This archive conceals a malicious JavaScript object inside.

When extracted and opened, the JS code will fire up an infection chain that downloads and executes malware on the unsuspecting recipient’s computer. The perpetrating program can be anything from spyware to ransomware that will encrypt all valuable data on the machine and demand a ransom for decryption. There is another very similar hoax taking root at the time of this writing. The phishing messages impersonate Nicexpo Pty LTd, a French organization hosting various industrial and entertainment events and expositions. Similarly, the Nicexpo email scam pursues the goal of duping users into clicking on a booby-trapped link and unknowingly authorizing the contamination of their PCs. So, beware of the ESIB / MYOB and Nicexpo email scams and refrain from clicking on anything in these messages.

ESIB / MYOB email automatic removal

The extermination of ESIB / MYOB fake can be efficiently accomplished with reliable security software. Sticking to the automatic cleanup technique ensures that all components of the infection get thoroughly wiped out from your system.

1. Download recommended security utility and get your PC checked for malicious objects by selecting the Start Computer Scan option

Download ESIB / MYOB remover

2. The scan will come up with a list of detected items. Click Fix Threats to get the malware removed from your system. Completing this phase of the cleanup process is most likely to lead to complete eradication of the infection. However, it might be a good idea to consider ascertaining the scam is gone for good.

No ratings yet.

Please rate this

Posted in: KnowledgeBase

Leave a Comment (0) ↓