Client FYI: New Phishing Scam
January 30, 2017
A new phishing scam is targeting QuickBooks customers. Please read the article below from the Idaho Statesman for more information.
Article by EMILY VALLA
Special to the Idaho Statesman
Scammers are always looking for new twists on common scams, especially when it comes to phishing emails. These emails are meant to trick you into clicking a link and either providing personal information or downloading viruses or malware.
The Better Business Bureau has learned that a new version of this con is circulating as an email alert supposedly about the accounting software QuickBooks. While anyone may receive this email, scammers are specifically targeting small businesses.
Here’s how this scheme works. You receive an email with the subject line “QuickBooks Support: Change Request.” The message is “confirming” that you changed your business name with Intuit, QuickBooks’ manufacturer. However, you never made such a request. You think it must be a mistake, but fortunately the email contains a link to cancel.
Pause before you click that. Scammers know you didn’t make this request. The link is simply bait. It downloads malware to your device, which scammers use to capture passwords or hunt for sensitive information on your machine. This can lead to identity theft.
Similar scams also impersonate personal-tax software or banks. Always be wary of unexpected emails that contain links or attachments.
Here are some other ways to spot phishing messages:
- Check the reply email address. One easy way to spot an email scam is to look at the reply email. The address should be on a company domain, such as email@example.com. Especially for major companies, be wary of generic addresses from free email providers.
- Check the destination of links. Hover over them to see where they lead. Be sure the link points to the correct domain (www.companyname.com), not a variation, such as companyname.othersite.com or almostcompanyname.com. Scammers can get creative, so look closely.
- Consider how the organization normally contacts you. If an organization normally reaches you by mail, be suspicious if you suddenly start receiving emails or text messages without ever opting in to the new communications.
- Be cautious of generic emails. Scammers try to cast a wide net by including little or no specific information in their fake emails. Be especially wary of messages you have not subscribed to or companies you have never done business with in the past.
- Don’t believe what you see. Just because an email looks real doesn’t mean it is. Scammers can fake anything from a company logo to the “Sent” email address.
- Have a process in the office. Make sure employees know to not click links in unexpected emails. Tell them who they should ask if they seek to verify emails they’re uncertain about, and encourage them not to make “quick fixes” that could be costly.
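The reply-address and link-destination checks from the list above can be automated on a raw message. The following Python is an added example, not part of the original article; the free-provider list, the function names and the sample message are assumptions constructed for illustration, using the article's placeholder domains.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for illustration: a short list of free mail providers.
FREE_PROVIDERS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

def host_belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def review_email(raw, expected_domain):
    """Return findings for the reply address and each link destination."""
    msg = message_from_string(raw)
    findings = []
    reply = parseaddr(msg.get("Reply-To") or msg.get("From", ""))[1]
    reply_domain = reply.rpartition("@")[2].lower()
    if reply_domain in FREE_PROVIDERS:
        findings.append(f"reply address on free provider: {reply}")
    elif not host_belongs_to(reply_domain, expected_domain):
        findings.append(f"reply address off-domain: {reply}")
    parser = _Links()
    parser.feed(msg.get_payload())
    for href in parser.hrefs:
        host = urlsplit(href).hostname or ""
        if not host_belongs_to(host, expected_domain):
            findings.append(f"link leads to {host}: {href}")
    return findings

# Constructed sample message built from the article's placeholder domains.
SAMPLE = """From: "Support" <support@companyname.com>
Reply-To: helpdesk@gmail.com
Subject: Change Request
Content-Type: text/html

<a href="http://www.companyname.com/account">Account</a>
<a href="http://companyname.othersite.com/cancel">Cancel</a>
<a href="http://almostcompanyname.com/cancel">Cancel</a>
"""
```

Calling `review_email(SAMPLE, "companyname.com")` flags the free-provider reply address and the two look-alike links while passing the link on the real domain; the comparison is done on the parsed hostname, so a brand name that merely appears somewhere in the URL does not count as a match.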
Valla, Emily, “These emails about QuickBooks software are actually a phishing scam,” Idaho Statesman, January 13, 2017, http://www.idahostatesman.com/news/business/biz-columns-blogs/article126484784.html#storylink=cpy