Posts

Scam Alert: QuickBooks & Intuit Phishing Emails

Recently there has been a rise in the number of phishing emails that appear to be sent by QuickBooks and Intuit. These messages state that the customer has a payment due on an open invoice. The balance due shown in the fake email is higher than the typical cost of the software and any subscriptions offered by Intuit.

3 Common Methods for Phishing:

  • Spoofed Email Address – We have seen fake email addresses such as intuit@hmrsss.com and quickbooks@bostonsat.com.
  • Fake Link – Never click on a link in a suspicious email. These links may take you to a site that asks you to log in, providing hackers with your account information. Hover your mouse over the link to see whether the underlying web address is different from the one displayed. An example of a message that would be included with a fake link:

       “This invoice notification is being delivered to you by Intuit Invoice Services on behalf of Veri Facts Inc. Click the link above to find an invoice.”

  • Forged Website – Fake websites may appear like real sites by using company logos and images. When visiting financial sites, enter the known address into the browser field manually.

Phishing was listed as one of the top tax scams of 2017 and continues to be an issue.

If you receive these emails – do not click any links! Forward the email to spoof@intuit.com immediately. For more information and to learn steps to protect yourself from a phishing attack, see the Intuit forum article here.

LBA Haynes Strand is dedicated to alerting the public to any scam or fraudulent attempt to steal identities or gain access to important financial information. If you are interested in automatically receiving updates such as this, please subscribe to our blog.

Protect Yourself Against The New Tax Refund Scam

The IRS has reported that the number of potential victims impacted by a tax scam has increased from a few hundred to several thousand in just a few days. Putting a new twist on an old scam, criminals are taking taxpayer information, filing fraudulent returns, and depositing erroneous refunds into real taxpayers’ bank accounts. The criminals then contact the victim and use a variety of tactics to attempt to claim the refund.

The scam appears to have originated from tax preparers’ offices, where computers that have been infected with malware provided criminals with access to thousands of consumers’ return data.

“Speed is critical,” the agency said in its advisory. “If reported quickly, the IRS can take steps to block fraudulent returns in a preparer’s clients’ names.”

As tax preparers increase their security settings to protect client tax and financial files, it is important that consumers also protect themselves by knowing identity theft warning signs.

Top Indicators of Tax-Related Identity Theft

  • More than one tax return was filed using your Social Security Number
  • IRS records indicate you received wages from an establishment at which you never worked
  • You owe additional tax, receive a refund offset notice, or have had collection actions taken against you for a year you did not file a tax return

If you become a victim and notice an erroneous deposit in your account, take the following steps:

  • Contact your tax preparer immediately.
  • Contact the Automated Clearing House (ACH) department of the bank/financial institution where the direct deposit was received and have them return the refund to the IRS.
  • Call the IRS toll-free at 800-829-1040 (individual) or 800-829-4933 (business) to explain why the direct deposit is being returned.
  • Be aware that interest may accrue on the erroneous refund.
  • Communicate with your financial institution and be prepared to close your account, since the information has been accessed by criminals.

You can also access the steps for returning your erroneous refund directly on the IRS website.

Remember: The IRS does not initiate contact with taxpayers by email, text, social media, or phone call to discuss your account. If you receive a message, be suspicious!


Fake Accounting Invoices Used to Steal Credentials

A recently resurfaced banking Trojan is now being used in a malware/phishing campaign targeting users of accounting services provider Xero. Similar attacks have also been used against users of Intuit and QuickBooks. The goal of these attacks is to gather login details for banking and financial accounts. Here’s how it works, what it looks like, and what to do if you get this message:

How it works:

The attack sends a spoofed email message that appears to come from Xero/Intuit/QuickBooks regarding an invoice and attempts to get the recipient to click a link to download the invoice. This link will download a ZIP file which contains another file that appears to be the invoice itself but is actually a malicious JavaScript (.js) file which installs the malware.

What to do:

  • Before clicking any link in an email, hover your mouse over that link and observe where it will take you. Either a pop-up will appear next to the link, or the actual link address will be shown at the bottom of your email program. If you don’t recognize the link or it’s slightly altered from the official site (for example, intuito.biz instead of intuit.com): Don’t click on it!
  • Be cautious around ZIP files; malware often uses them to disguise its contents.
  • If you have already clicked on or opened something suspicious that doesn’t show or do what you expect: run extra malware scans in addition to your regular anti-virus software, contact your trusted IT advisors to see if further checks are necessary, and take the precaution of changing your account passwords, especially for financial institutions, from another computer!
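
A mail gateway or help desk can apply the ZIP caution above by listing an attachment's members without extracting them and flagging script files, including ones named to look like an invoice document. This is an added example, not code from the original post; the extension lists and the sample file names are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions that Windows runs as scripts when double-clicked.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
# Assumption: document extensions an invoice would normally carry.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

def script_members(zip_bytes):
    """Return (name, reason) for every archive member that is a script file."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():  # reads the directory only, extracts nothing
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            if not suffixes or suffixes[-1] not in SCRIPT_EXTENSIONS:
                continue
            if len(suffixes) > 1 and suffixes[-2] in DOCUMENT_EXTENSIONS:
                reason = "script disguised with a document extension"
            else:
                reason = "script file"
            hits.append((info.filename, reason))
    return hits

def build_sample_zip(names):
    """Build a constructed, harmless archive in memory with placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, "placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_zip(["Invoice_1234.pdf.js", "docs/readme.txt", "INV-001.JS"])
    for name, reason in script_members(sample):
        print(f"{name}: {reason}")
```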