Cybercriminals are posing as Intuit’s popular accounting software package QuickBooks to target Google Workspace and Microsoft 365 small business users in a voice-phishing scam.
The campaign sends a fake invoice by email claiming that the recipient's credit card has already been charged for an order. To dispute the charge, victims are directed to call the phone number included in the email, according to researchers with INKY. The scam was first observed in December 2021, and the frequency of attacks has increased sharply since then, they said.
The threat actors have been abusing QuickBooks' free 30-day trial to set up accounts from which they send fraudulent invoices impersonating well-known companies including Amazon, Apple, PayPal, and McAfee. Once the victim calls, the operator asks for bank account details, login credentials, or other personally identifiable information.
“These attacks were highly effective at evading detection because they were identical to non-fraudulent Quickbooks notifications, even when examining the emails’ raw HTML files closely,” the report noted. “All notifications originated from authentic Intuit IP addresses, passed email authentication (SPF and DKIM) tests for intuit[.]com, and only contained high-reputation intuit[.]com URLs.”
One such scam in April impersonated an Amazon Prime shipping notification and used the strings "amazn" and "amzn" in place of the brand name to slip past keyword-based detection filters. By clicking on the "print or save" or "view invoice" buttons, the…
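The detection gap the report describes is that SPF and DKIM genuinely pass, so a filter keyed on sender authentication waves these invoices through; what remains is the content: a lookalike brand string such as "amazn" or "amzn", a "your card has been charged" lure, and a phone number to call. The following script is an added example of a content-side check, not code from INKY or Intuit. It assumes the receiving mail server stamps an Authentication-Results header in the usual form, and both messages it inspects are constructed samples, not captured campaign mail.

```python
import email
import re
from email import policy

# Constructed sample modelled on the campaign: the message authenticates as
# intuit.com, but the body carries lookalike brand strings, a "card charged"
# lure and a phone number to call. Not a real campaign message.
SUSPICIOUS_EMAIL = """\
From: QuickBooks <quickbooks@notification.intuit.com>
To: owner@example-smb.test
Subject: Invoice 1043 from Amzn Prime Services
Authentication-Results: mx.example-smb.test; spf=pass smtp.mailfrom=intuit.com; dkim=pass header.d=intuit.com
Content-Type: text/plain; charset=utf-8

Your credit card has been charged $499.99 for your Amazn Prime order.
If you did not authorize this charge, call 1-800-555-0199 to dispute it.
"""

# Constructed benign sample: an ordinary QuickBooks invoice from a small vendor.
BENIGN_EMAIL = """\
From: QuickBooks <quickbooks@notification.intuit.com>
To: owner@example-smb.test
Subject: Invoice 1044 from Acme Plumbing LLC
Authentication-Results: mx.example-smb.test; spf=pass smtp.mailfrom=intuit.com; dkim=pass header.d=intuit.com
Content-Type: text/plain; charset=utf-8

Acme Plumbing LLC sent you an invoice for $250.00, due May 31.
View the invoice online to pay.
"""

# Brands named in the report as being impersonated (assumed watch list).
BRANDS = ["amazon", "apple", "paypal", "mcafee"]
PHONE_RE = re.compile(r"\b(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b")
LURE_RE = re.compile(r"\b(charged|dispute|cancel|refund)\b", re.I)
SPF_RE = re.compile(r"spf=pass\b[^;]*smtp\.mailfrom=(?:[^@\s;]+@)?([^\s;]+)", re.I)
DKIM_RE = re.compile(r"dkim=pass\b[^;]*header\.d=([^\s;]+)", re.I)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_tokens(text: str, brands=BRANDS):
    """Return (token, brand) pairs for words within a small edit distance of a
    brand name but not equal to it, e.g. ("amzn", "amazon"). Longer brand names
    get a wider tolerance so that "amzn" (two deletions) is still caught."""
    hits = set()
    for tok in set(re.findall(r"[a-z]+", text.lower())):
        if len(tok) < 4:
            continue
        for brand in brands:
            tolerance = 2 if len(brand) >= 6 else 1
            if tok != brand and edit_distance(tok, brand) <= tolerance:
                hits.add((tok, brand))
    return sorted(hits)


def _domain_matches(found: str, domain: str) -> bool:
    found = found.lower().rstrip(".")
    return found == domain or found.endswith("." + domain)


def authenticated_for(msg, domain: str) -> bool:
    """True if Authentication-Results shows spf=pass and dkim=pass for domain."""
    results = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    spf = SPF_RE.search(results)
    dkim = DKIM_RE.search(results)
    return bool(spf and dkim
                and _domain_matches(spf.group(1), domain)
                and _domain_matches(dkim.group(1), domain))


def analyze_invoice(raw: str) -> dict:
    """Score an invoice notification on content, independent of sender auth."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    text = str(msg["Subject"]) + "\n" + body
    findings = {
        "authenticated": authenticated_for(msg, "intuit.com"),
        "lookalikes": lookalike_tokens(text),
        "phone_numbers": PHONE_RE.findall(text),
        "lure_terms": sorted({m.lower() for m in LURE_RE.findall(text)}),
    }
    # Authentication passing is expected for this campaign, so it never lowers
    # the score: a brand lookalike, or a phone number next to a "charged" lure,
    # is enough to quarantine the message for review.
    findings["suspicious"] = bool(findings["lookalikes"]) or (
        bool(findings["phone_numbers"]) and "charged" in findings["lure_terms"]
    )
    return findings


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, analyze_invoice(raw))
```

The brand watch list and the tolerance rule are assumptions for illustration; in production you would source the list from the brands your own invoices legitimately mention and tune the distance against a corpus of real QuickBooks notifications, since any fuzzy match will also fire on ordinary vendor names that happen to sit close to a brand.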