MailGuard has intercepted a new phishing campaign impersonating QuickBooks, using a fake customer refund dispute to trick recipients into handing over sensitive banking information.
The scam begins with a plain HTML email claiming that a customer refund request has been lodged for an incomplete or undelivered service.
The email uses the display name QuickBooks, but the sender details reveal the message is not legitimate:
• Display address: info(at)rozenkruis(dot)nl
• Sending address: pm_bounces(at)pm-bounces(dot)rozenkruis(dot)nl
The message includes a single link labelled as a QuickBooks case or payout page. Clicking the link takes the recipient to a spoofed Intuit-branded login page.
The first phishing page asks for an email or user ID, mimicking the legitimate QuickBooks login experience. After submission, the victim is shown a connection or authentication screen.
The next page presents an “Identity Verification” prompt asking for an account number and routing number, which are sensitive banking details.
After the details are entered, the page displays a fake success message before redirecting to the legitimate QuickBooks login page.
This redirection is designed to reduce suspicion. To the victim, it may appear that a normal sign-in process has occurred, when in fact their banking information has already been captured.
This campaign is a reminder that phishing is not limited to password theft. Attackers are increasingly targeting the information that enables direct financial fraud, including bank account and routing details.
For businesses, the risk is especially serious because QuickBooks is widely used for accounting, invoicing, payments and financial administration. A convincing dispute or refund notice can easily land in front of finance, admin or operations staff who are used to handling payment-related issues.
Accounting firms and accounting software credentials are a high value target for scammers. MailGuard has blocked this campaign before it could reach customer inboxes.
Stay Safe, Know the Signs
MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.
Avoid emails that:
Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's specialist AI-powered, zero-day email security. Special Ops for when speed matters! Our real-time zero-day, email threat detection amplifies our client’s intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.
Stay up-to-date with MailGuard's latest blog posts by subscribing to free updates. Subscribe to weekly updates by clicking on the button below.