QuickBooks User Accounts Spoofed and Used to Deliver Malicious Invoices

QuickBooks, the popular accounting software that many small businesses use for invoices, payments, and bookkeeping is now being leveraged by bad actors to bypass internal security and email systems to deliver malicious artifacts such as invoices to your customers. The attack impacts your customers by:

  1. Harvesting your customer’s phone number to set the stage for future attacks, and
  2. Take credit card payments, which can also be used for further fraudulent activity downstream

According to research conducted by Avanan, Quickbooks user accounts are being spoofed which send out invoices that look like they are coming from you.

Anavan recommends:

  1. Googling unfamiliar numbers
  2. Validating unfamiliar charges
  3. Implementing advanced email filters
  4. Work with IT staff to verify the legitimacy of suspicious emails

Leave a Reply

Your email address will not be published. Required fields are marked *