Scam of the Week: QuickBooks Used as Bait for a Quick Scam
An easy way for cybercriminals to get your attention is to claim that you owe a large amount of money. Pair this claim with a QuickBooks-themed phishing email and malicious malware, you get a dangerous cybersecurity threat.
The cybercriminals send a well-made spoof of a QuickBooks email that even includes an invoice number. The email message states that you owe over one-thousand dollars for the order but it gives no further details. Attached to the email is what appears to be an Excel file with the invoice number as the filename. The bad guys are hoping you’ll open the attachment looking for more information. If you do open it, you’ll actually be opening a dangerous piece of malware specially designed to target your financial and banking information. This malware can lead to unauthorized charges, wire transfers, and even data breaches.
Here’s how you can stay safe from scams like this:
Never click a link or download an attachment in an email that you were not expecting.
Remember that bad guys can disguise anything, even file types.
If you think the notification could be legitimate, navigate to the official QuickBooks website and log in to your account to confirm.
Stop, Look, and Think. Don’t be fooled.
The KnowBe4 Security Team