Breaking: Cybercriminals impersonate Intuit QuickBooks client in invoice scam

Posted by Jaclyn McRae on 14 September 2016 09:06:59 AEST

 A major cloud-accounting provider is being impersonated in a malicious new email scam.

The email, delivered to thousands of inboxes in a sustained attack, attempts to imitate an Intuit QuickBooks invoice. Its aim is to trick recipients into clicking a malware-laden link.

The email asks the recipient to download and view an invoice. Clicking the link directs users to a malicious website which downloads a JavaScript file.

Three variants of the scam have used slightly different sending addresses to bombard inboxes in the past 24 hours in an unusually persistent and evolving attack.

The scam trades on the recognisable name and trusted reputation of QuickBooks, used by small and medium businesses around the world.

MailGuard CEO Craig McDonald said this type of malware had the potential to be crippling.

"Scams of this nature typically attempt to steal valuable data like usernames and passwords, sensitive banking and financial information, or in some cases a Trojan will lay dormant allowing the attacker access to data at a future date," he said.

"As accountants, bookkeepers and financial professionals, Intuit QuickBooks users and their customers are particularly attractive to cybercriminals who know that they hold access to valuable financial information for company payrolls, invoicing, and the like.”

This latest scam appears as an invoice from a company that uses Intuit QuickBooks to generate its invoices, and features the software company’s logo. The sending address is, which is similar to the company’s real invoicing address, but the domain used was only registered yesterday.

The email has an invoice number, the date, an amount owing and a link to download the invoice. Clicking the link directs users to a malicious website that downloads a Trojan to their computer.

Here’s what the fake invoice looks like:


The danger of this type of scam is that it’s not just customers of the impersonated company who might fall victim.

This is because similar emails are sent out thousands of times a day by companies that use QuickBooks for invoice generation.

Here’s how a legitimate invoice generated by QuickBooks appears:


Note the PDF attachment rather than a link away from the email. Housing the malicious content away from the email body makes it easier for the cybercriminals to evade scam detection.


An easy way to check potentially-suspicious emails is to hover your mouse over the sender’s address. This will reveal more about the real sending domain. The most realistic scams register a domain very similar to the correct one.

Why Trojans pose a massive risk to businesses large and small

Trojans sit quietly in the background, and will take actions not authorised by the user, such as modifying, stealing, copying or even deleting data.

This type of malware is most dangerous because the user may not notice it running in the background until such time they are made aware – this can sometimes be weeks or even months after the event.


For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. 

Our benchmarking shows that MailGuard is consistently two to 48 hours ahead of the market in preventing new attacks.

Find more tips on identifying email scams by subscribing to MailGuard’s blog.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top

Topics: Cyber Criminals email scam Email Spam Trojan Scam QuickBooks malicious email email fraud invoice scam Intuit Quickbooks

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all