Malware links in emails claiming to be from Quickbooks
Phishing scams and email distribution of malware are nothing new, and a sad part of daily life in our digital world. If you are a known brand in business software, it is only a matter of time before your brand is used by scammers seeking to abuse the trust you have with your users.
And now, according to Mailguard, Quickbooks is the latest target.
“MailGuard has detected a criminal-intent email designed to look like a Quickbooks invoice notification.” (Mailguard Blog)
The first such threat prompted recipients to click a link in an email. That link leads to malware, contained within an archived file. With the level of sophistication in the scammer’s design of these kinds of emails, it can be difficult to distinguish them from a genuine message.
Mailguard reports the following details for these emails:
Sender display name: ‘We Cart Online Solution’
Should such an email appear in your inbox, we advise you to delete it immediately.
A second scam detected the same day by Mailguard is a “Malware as a Service” scam. The criminals use a cloud based service to produce and deliver their malware, without the need to write or download code.
In this case the email is designed to look like an invoice produced with Quickbooks, with a “view invoice link”. That link takes the user to a domain which has been compromised to direct the browser to malicious code.
In this second case, the email may use one of dozens of false from addresses or subject headings, purporting to be an invoice from a number of otherwise legitimate businesses. All of them have a subject laid out as follows:
Subject: Invoice 01234 from Business Name
Where the number is random and the business name may be a legitimate company not affiliated with the scam. That business name may not match the sender address.
Be careful never to click links in an email without full knowledge of its source.
Should you receive one of these false invoice emails, we advise you to delete it immediately. Mailguard users will find the emails automatically removed.