This is the second email scam mimicking a QuickBooks notification that MailGuard has detected today. As you can see in the screenshot above, the message is meant to look like an invoice notification message.
Although this scam looks superficially similar to the one from earlier today, the sender addresses and underlying mechanisms of this attack are actually quite different.
The fact that this scam is so superficially similar to the one MailGuard intercepted earlier could indicate that the two attacks have been released by the same criminals, but because there are significant differences in the way the scams work, that is not necessarily the case.
Malware as a service (MaaS) is a fast-growing phenomenon in the cybercrime world so it’s quite likely that these two emails are actually the work of different scammers using the same off-the-shelf malware package, bought from an underground vendor and then adapted for their own specific purposes.
You can read more about MaaS, and the way it is used by scammers in our blog post, here.
This scam is designed to look like an invoice notification created through the QuickBooks system, but of course it is really just a ruse to get the victim to click on the ‘view invoice’ link in the message. This link takes the victim to a compromised WordPress domain, which then redirects them to an archived file which contains malicious JavaScript code.
Malware created in JavaScript can perform a wide variety of functions; it is commonly used to install spyware and botnet worms on computer systems and to deliver ransomware.
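As an added example (not MailGuard's code and not part of the original post), the Python sketch below shows one way a mail or web gateway could flag the kind of download described above: an archive that contains a script file. It assumes the archive is a ZIP; the extension list, the limits and the sample files are constructed for illustration.

```python
import io
import zipfile

# Assumed policy list: extensions Windows runs as scripts on double-click.
SCRIPT_EXTS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe", ".hta"}
MAX_DEPTH = 3                     # how many nested archives to follow
MAX_MEMBER_BYTES = 10 * 1024**2   # skip nested archives declared larger than this

def find_script_members(data, depth=0, prefix=""):
    """Return paths of script files inside ZIP bytes, following nested ZIPs."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []                 # not a ZIP: nothing to report here
    hits = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Windows ignores trailing dots/spaces, so "a.js." still runs as .js
            name = info.filename.lower().rstrip(". ")
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if ext in SCRIPT_EXTS:
                hits.append(path)  # also catches "invoice.pdf.js"
            elif (ext == ".zip" and depth < MAX_DEPTH
                  and not info.flag_bits & 0x1          # encrypted: cannot open
                  and info.file_size <= MAX_MEMBER_BYTES):
                hits += find_script_members(zf.read(info), depth + 1, path + "!")
    return hits

def _zip_bytes(members):
    """Build a ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples with harmless placeholder contents.
INNER = _zip_bytes({"Invoice_0001.PDF.js": b"// placeholder"})
SAMPLE_NESTED = _zip_bytes({"readme.txt": b"hi", "docs.zip": INNER})
SAMPLE_CLEAN = _zip_bytes({"invoice.pdf": b"%PDF-", "notes.txt": b"x"})

if __name__ == "__main__":
    print(find_script_members(SAMPLE_NESTED))
    print(find_script_members(SAMPLE_CLEAN))
```

A non-empty result is a reason to quarantine the file for review; an empty result only means no script extension was found in the archive listing.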
This message displays a wide variety of different ‘subject’ field variants, including:
The message is also designed to display a range of different sender names and email addresses, including:
MailGuard has prevented this scam email from reaching our clients, but it may still turn up in your inbox if you do not have MailGuard protection.
If you see this message, delete it immediately to avoid harm to your computer system.
Malware attacks can be enormously costly and destructive and new scams are appearing every day. Don’t wait until it happens to your business; take action to protect your company from financial and reputational damage, now.
Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering protection. You’ll significantly reduce the risk of malicious email entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: 1300 30 44 30