Security Tip of the Week – QuickBooks Used as Bait for a Quick Scam

An easy way for cybercriminals to get your attention is to claim that you owe a large amount of money. Pair this claim with a QuickBooks-themed phishing email and malicious malware, and you get a dangerous cybersecurity threat. 

The cybercriminals send a well-made spoof of a QuickBooks email that even includes an invoice number. The email message states that you owe over one-thousand dollars for the order but it gives no further details. Attached to the email is what appears to be an Excel file with the invoice number as the filename. The bad guys are hoping you’ll open the attachment looking for more information. If you do open it, you’ll actually be opening a dangerous piece of malware specially designed to target your financial and banking information. This malware can lead to unauthorized charges, wire transfers, and even data breaches. 

Here’s how you can stay safe from scams like this:

• Never click a link or download an attachment in an email that you were not expecting.
• Remember that bad guys can disguise anything, even file types.
• If you think the notification could be legitimate, navigate to the official QuickBooks website and log in to your account to confirm.

Stop, Look, and Think. Don’t be fooled.

KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.

DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.