Criminals attacking small business with QuickBooks phishing

SMEs being targeted using genuine looking invoices; users instructed to phone fraudulent call-centre


QuickBooks, the popular accountancy software, is currently being abused by criminals in an ongoing phishing campaign, as of mid-July 2022.

The most recent campaign is a combination of phishing and fraudulent phone calls (vishing).

Details of scam

According to Inky data analysts, criminals have created free accounts on QuickBooks, which are then used to send fraudulent invoices as phishing emails to a wide range of companies, including UK SMEs.

As the invoices are generated by ‘legitimate’ QuickBooks accounts, these phishing emails will be able to evade spam filters & other email defences.

The fraudulent invoice instructs the recipient that there is an issue with their account and/or requests an outstanding payment.

The invoice provides a phone number for the recipient to call in order to unblock their account, pay the invoice or query the invoice.

The details can vary but the intention is the same: get users to phone the number and speak to the fraudulent call centre.

If the number is called, the call centre will attempt to obtain one or more of the following:

– User’s financial information such as credit or debit card details
– QuickBooks login details
– Other sensitive credentials such as Microsoft login credentials

Mitigations & example

If you or your company receives a notification from QuickBooks either querying your account or requesting immediate payment, it's recommended that you:

  • Contact QuickBooks directly via their website. DO NOT phone any numbers in the email
  • DO NOT click on any links in the email
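
Because these invoices come from genuine QuickBooks accounts, a filter has to look at what the message asks the reader to do rather than who sent it. The following is an added example, not part of the original post: a heuristic that holds invoice mail for review when it combines a phone number, an instruction to call and account or payment pressure. The domain `invoicing.example`, the word lists and the sample messages are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: placeholder for the domains your genuine QuickBooks mail arrives from.
SERVICE_DOMAINS = ("invoicing.example",)

# Wording from the scam description: an account problem or payment demand,
# plus an instruction to phone a number.
CALL = re.compile(r"\b(call|phone|dial)\b", re.I)
PRESSURE = re.compile(r"\b(suspended|blocked|unblock|outstanding|overdue|immediately)\b", re.I)
# Candidate phone numbers; dates and amounts are filtered later by digit count.
PHONE = re.compile(r"(?<!\w)\+?\d[\d ().-]{8,}\d(?!\w)")

def body_text(msg):
    """Concatenate the decoded text/plain parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def callback_lure(raw_email):
    """Flag mail from the invoicing service that pushes the reader to phone a number."""
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    from_service = any(domain == d or domain.endswith("." + d) for d in SERVICE_DOMAINS)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    phones = [p for p in PHONE.findall(text) if sum(c.isdigit() for c in p) >= 10]
    hold = bool(from_service and phones and CALL.search(text) and PRESSURE.search(text))
    return {"from_service": from_service, "phones": phones, "hold": hold}

# Constructed sample messages (not real mail); the phone number is made up.
LURE = """From: Billing <noreply@invoicing.example>
Subject: Invoice 1001 - your account has been suspended

Payment of 499.99 is outstanding as of 2022-07-15.
Call 020 7946 0123 immediately to unblock your account.
"""
ROUTINE = """From: Billing <noreply@invoicing.example>
Subject: Invoice 1002 from Example Ltd

Amount due 120.00 by 2022-07-15. View and pay online from your account.
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("routine", ROUTINE)):
        print(name, callback_lure(raw))
```

A held message should go to someone who checks the account through the QuickBooks website, not to the number in the email.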

 

An example of a phishing email asking users to phone a fraudulent call centre:

Other QuickBooks phishing examples

The above details an ongoing QuickBooks phishing scam. Due to its popularity, QuickBooks is regularly abused by cyber criminals. Other examples of phishing seek to obtain user credentials via a fraudulent login portal, linked from an email. 

DO NOT click any links in these emails. Contact QuickBooks directly if you have issues with your account. 

An example of this phishing is below:
