A new phishing attack has been identified by Check Point Software Technologies, which involves hackers creating a free QuickBooks account and sending fake invoices during the 2023 tax season. The attackers send a fraudulent invoice from a legitimate QuickBooks domain using a QuickBooks email address, making it difficult to identify the email as a scam.
Users must scrutinize the email and be wary of all links, as the phishing email passes all standard email authentication checks, domain checks and more.
Jeremy Fuchs, Avanan’s marketing content manager, notes that this type of attack requires a new wave of education for users and a whole new approach to identifying phishing emails.
According to Check Point Software Technologies, the phishing scheme is referred to as Business Email Compromise (BEC) 3.0, and it has already been uncovered in PayPal, Google and other organizations. QuickBooks, an accounting software package developed by Intuit, is used to create and send fraudulent invoices to victims.
The attackers use legitimate links and spellings that make it difficult for users to identify the email as a scam.
The phishing email requires users to scrutinize the email incredibly carefully and be wary of all links, as hovering over links is no longer helpful. Instead, users must be aware of all links and take extra precautions when clicking on them.
Fuchs suggests that users need to have a new wave of education and a whole new approach to identifying phishing emails. As QuickBooks is a widely used software, it is essential that users take extra precautions when receiving emails from the software.
Overall, this new phishing attack requires a new wave of education for users and a whole new approach to identifying phishing emails. It is essential to take extra precautions when receiving emails from QuickBooks or any other commonly used software.
Users must scrutinize the email incredibly carefully and be wary of all links to avoid falling prey to this phishing scheme.