Cybercriminals are send phishing scams to unsuspecting victims via QuickBooks, capitalizing on the program’s popularity.
Many SMB’s and mid-size organizations utilize QuickBooks for accounting and tracking invoices. Criminals know this, and have been sending out business email compromise (BEC) phishing attacks to unsuspecting users. The emails will look like they’re from a legitimate vendor, however the invoice paid will go straight to the scammer. Cybercriminals can also request that users pay by ACH (automated clearing house) methods, which requires bank account details.
If someone inputs those details in, the criminal then has access to your account information, which is less than ideal.
A legitimate example of a QuickBooks payment request can be seen below:
A fake email request might show as being from an unknown (to you) company, or the email may have a faulty URL hidden within. If you hover over any buttons in the email, you can check to see if the URL matches the domain of the original sender. Shown below is an example a request showing the “intuit.com” domain.
From here, you can check to see if the domain is legitimate or being spoofed by a criminal. The email’s message header contained the following SPF, DKIM and DMARC information:
The above image shows that the email passed the proper checks, and is from a legitimate source. Scam invoices usually don’t come from intuit.com, although they could if a scammer bought and used the actual invoice feature from QuickBooks. A regular user could also be compromised by a hacker, but that scenario isn’t as likely.
For more information, check out the KnowBe4 blog post on the subject here.
Need an estimate? Request a quote below!