QuickBooks, the popular accounting software that many small businesses use for invoices, payments, and bookkeeping is now being leveraged by bad actors to bypass internal security and email systems to deliver malicious artifacts such as invoices to your customers. The attack impacts your customers by:
- Harvesting your customer’s phone number to set the stage for future attacks, and
- Take credit card payments, which can also be used for further fraudulent activity downstream
According to research conducted by Avanan, Quickbooks user accounts are being spoofed which send out invoices that look like they are coming from you.
- Googling unfamiliar numbers
- Validating unfamiliar charges
- Implementing advanced email filters
- Work with IT staff to verify the legitimacy of suspicious emails