QuickBooks, the popular accountancy software, is currently being abused by criminals in an ongoing phishing campaign, as of mid-July 2022.
The most recent campaign is a combination of phishing and fraudulent phone calls (vishing).
Details of scam
According to Inky data analysts, criminals have created free accounts on QuickBooks, which are then used to send fraudulent invoices as phishing emails to a wide range of companies, including UK SMEs.
As the invoices are generated by ‘legitimate’ QuickBooks accounts, these phishing emails will be able to evade spam filters & other email defences.
The fraudulent invoice instructs the recipient that there is an issue with their account and/or requests an outstanding payment.
The invoice provides a phone number for the recipient to call so they can unblock their account/pay the invoice and/or query the invoice.
The details can vary but the intention is the same: get users to phone the number and speak to the fraudulent call centre.
If the number is called, the call centre will attempt to obtain one or more of the following:
– User’s financial information such as credit or debit card details
– QuickBooks login details
– Other sensitive credentials such as Microsoft login credentials
Mitigations & example
If you or your company receives a notification from QuickBooks either querying your account or requesting immediate payment, it's recommended that you:
- Contact QuickBooks directly via their website. DO NOT phone any numbers in the email
- DO NOT click on any links in the email
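For mail administrators, the pattern described above (an invoice from a genuine QuickBooks sender that urges the reader to phone a number) can be held for manual review. The Python below is an added example, not part of the original advisory; the sender domain, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative sender domain; confirm against your own mail logs.
INVOICE_SENDER_DOMAINS = {"notification.intuit.com"}

# Loose match for numbers such as +1 (888) 555-0100 or 0800 555 0100.
PHONE_RE = re.compile(r"(?<!\w)\+?\d[\d\s().-]{7,16}\d(?!\w)")
# A call-to-action shortly before the number is what marks a callback lure.
CALL_CUE_RE = re.compile(r"\b(call|phone|ring|dial|contact)\b", re.IGNORECASE)


def body_text(msg):
    """Join the decoded text/* parts of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def callback_numbers(raw_email):
    """Return phone numbers an invoice email urges the reader to call."""
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in INVOICE_SENDER_DOMAINS:
        return []  # only invoice-platform mail is in scope for this rule
    text = body_text(msg)
    hits = []
    for match in PHONE_RE.finditer(text):
        # Look at the 80 characters before the number for a call cue.
        lead_up = text[max(0, match.start() - 80):match.start()]
        if CALL_CUE_RE.search(lead_up):
            hits.append(match.group().strip())
    return hits


# Constructed samples, not real messages (555-01xx numbers are fictional).
LURE = """From: QuickBooks <quickbooks@notification.intuit.com>
Subject: Invoice 10482 - payment overdue
Content-Type: text/plain; charset=utf-8

Your account is on hold. To unblock it, call our billing desk
on +1 (888) 555-0100 within 24 hours.
"""
BENIGN = LURE.replace("call our billing desk\non +1 (888) 555-0100", "sign in to your account")
```

A non-empty result means the message should be reviewed before delivery, since the check deliberately ignores links and relies only on the phone-number prompt.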
An example of a phishing email asking users to phone a fraudulent call centre:
Other QuickBooks phishing examples
The above details an ongoing QuickBooks phishing scam. Due to its popularity, QuickBooks is regularly abused by cyber criminals. Other examples of phishing seek to obtain user credentials via a fraudulent login portal, linked from an email.
DO NOT click any links in these emails. Contact QuickBooks directly if you have issues with your account.
An example of this phishing is below: