A new email scam that has recently hit popular accounting service Intuit QuickBooks has been sending businesses on a scuttle trying to be more vigilant in the face of a new email scam. The scam was discovered by email filtering service MailGuard, which revealed the scammers were attempting to fake invoices from QuickBooks.
Used by over a billion businesses worldwide for online accounting and bookkeeping, Quickbooks in 2015, served 29 million users in the US alone.
As is popular with email scams, this one includes a link that directs users to a website that automatically downloads a “Trojan” virus, which is designed to run in the background and quietly steal users’ data. It has been further made aware that the fake email features the QuickBooks’ logo, and comes from a very similar sending address to QuickBook’s legitimate address.
Nicolette Maury, vice president and country manager for Intuit Australia, advised that the product security “remains a top priority and security threats continue to evolve, for Intuit and everyone in the industry”.
“Intuit is aware of this email and we advise all customers to send any suspicious e-mails directly to firstname.lastname@example.org In addition, http://security.intuit.com is the internal and external customer facing website to report any concerns,” Maury said.
MailGuard labelled the scam as “an unusually persistent and evolving attack”, claiming the scam originates from a number of slightly different sending addresses, which have been used to “bombard” inboxes over the past two days.
According to a recent report, MailGuard chief executive Craig McDonald said that the attack was unusual in its volume and size, and was still ongoing.
“They had another run about three minutes ago, so not over yet,” McDonald added.
“In the last 24 months cyber criminals have been ramping up their attacks, and now they’re targeting brands that businesses know and trust.”
The attack has changed origins 12 times in the last 24 hours, McDonald revealed, and the structure of the scam email itself has also changed. McDonald says these attacks can be successful because of the emails’ sense of familiarity.