If you’ve seen this email in your inbox, best to delete it immediately. It’s a new scam using forged QuickBooks branding to try and trick people into clicking through to a malicious website.
MailGuard has detected multiple variants of this attack, using different company names and sender address domains.
The scam appears to be based on compromised company websites that have been hacked and used to run malware.
In addition to messages like the one above, we have also seen variants that are in French rather than English.
This email attack is a typical example of a hacking technique known as brandjacking; basically a kind of forgery. Scammers use the trademarks of well-known companies in their emails to deceive their victims and gain their trust.
In a typical brandjacking scam, criminals create email templates that look like messages from big companies and send them out wholesale to millions of recipients. When the scam message shows up in a victim’s inbox they feel safe opening it because it looks like a legitimate message from a familiar company.
Some commonly used brandjacking formats are fake invoice notifications or requests for account verification.
Defend your inbox
For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious email entering your network.
Talk to an expert at MailGuard today about your company's cybersecurity needs: 1300 30 44 30
Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below: