The Better Business Bureau Northwest is sounding the alarm about a new email phishing scam targeting users of Intuit’s QuickBooks accounting software.
Victims receive an email in their inbox with the subject line, “QuickBooks Support: Change Request.” The email claims to be a confirmation from Intuit that a business has changed its name and contains a hyperlink that the recipient can click on to cancel the request. However, if email recipients click on the link, it directs them to a site that downloads malware to their device, according to a statement from the Better Business Bureau Northwest warning about the scheme. The malware allows criminals to capture passwords and other personal information from a device.
The BBB Northwest is advising businesses not to click on such links. They should check the reply email address in such messages and “hover” their cursor over a suspicious-looking link to see where it leads before clicking to make sure it’s going to the correct Web domain instead of one with a similar-sounding name. They should also consider how a company normally contacts them and whether this is an unusual request.
"Unfortunately, phishing scams are commonplace today and not unique to Intuit," a spokesperson for the software vendor said. "While we have not received any complaints from customers about this scam, we encourage customers to visit our Web site, https://security.intuit.com, to learn how to protect themselves against scams." The company urged users to report suspicious-looking e-mails to firstname.lastname@example.org.
Phishing emails can be skilfully constructed to impersonate a company, including using the actual corporate logo. Businesses should have processes in place to make sure employees don’t click on links in unexpected emails and know who to ask about what to do before they click.
Tax practitioners have also fallen victims to phishing schemes, and the Internal Revenue Service has periodically sent out warnings about the latest variations on the scams. Fraudsters sometimes purport to be emailing from the IRS or tax software companies to lure victims into divulging passwords or sensitive financial information.
Register or login for access to this item and much more
All Accounting Today content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access