The Better Business Bureau Northwest is sounding the alarm about a new email phishing scam targeting users of Intuit’s QuickBooks accounting software.
Victims receive an email in their inbox with the subject line, “QuickBooks Support: Change Request.” The email claims to be a confirmation from Intuit that a business has changed its name and contains a hyperlink that the recipient can click on to cancel the request. However, if email recipients click on the link, it directs them to a site that downloads malware to their device, according to a statement from the Better Business Bureau Northwest warning about the scheme. The malware allows criminals to capture passwords and other personal information from a device.
The BBB Northwest is advising businesses not to click on such links. They should check the reply email address in such messages and “hover” their cursor over a suspicious-looking link to see where it leads before clicking to make sure it’s going to the correct Web domain instead of one with a similar-sounding name. They should also consider how a company normally contacts them and whether this is an unusual request.
"Unfortunately, phishing scams are commonplace today and not unique to Intuit," a spokesperson for the software vendor said. "While we have not received any complaints from customers about this scam, we encourage customers to visit our Web site, https://security.intuit.com, to learn how to protect themselves against scams." The company urged users to report suspicious-looking e-mails to email@example.com.
Phishing emails can be skilfully constructed to impersonate a company, including using the actual corporate logo. Businesses should have processes in place to make sure employees don’t click on links in unexpected emails and know who to ask about what to do before they click.
Tax practitioners have also fallen victims to phishing schemes, and the Internal Revenue Service has periodically sent out warnings about the latest variations on the scams. Fraudsters sometimes purport to be emailing from the IRS or tax software companies to lure victims into divulging passwords or sensitive financial information.