SMEs urged to back up data as email scam hits QuickBooks

SmartCompany, September 15 2016:

Businesses everywhere are being advised to be vigilant in the face of a new email scam to hit popular cloud accounting service Intuit QuickBooks.

The scam was uncovered yesterday by email filtering service MailGuard, which revealed the scammers were attempting to fake invoices from QuickBooks.

Quickbooks is used by SMEs worldwide for online accounting and bookkeeping. In 2015, the company served 29 million users in the US alone.

The email includes a link directing users to a website that automatically downloads a “Trojan” virus, which is designed to run in the background and quietly steal users’ data.

The fake email features the QuickBooks’ logo, and comes from a very similar sending address to QuickBook’s legitimate address.

Nicolette Maury, vice president and country manager for Intuit Australia, told SmartCompany, product security “remains a top priority and security threats continue to evolve, for Intuit and everyone in the industry”.

“Intuit is aware of this email and we advise all customers to send any suspicious e-mails directly to In addition, is the internal and external customer facing website to report any concerns,” Maury says.

A real invoice from QuickBooks does not include the company’s logo, or any graphics at all. The invoice is attached as a PDF, and the user is not required to click any external links.

MailGuard labelled the scam as “an unusually persistent and evolving attack”, claiming the scam originates from a number of slightly different sending addresses, which have been used to “bombard” inboxes over the past two days.

MailGuard chief executive Craig McDonald told SmartCompany this morning the attack was unusual in its volume and size, and was still ongoing.

“They had another run about three minutes ago, so not over yet,” McDonald says.

“In the last 24 months cyber criminals have been ramping up their attacks, and now they’re targeting brands that businesses know and trust.”

The attack has changed origins 12 times in the last 24 hours, McDonald revealed, and the structure of the scam email itself has also changed. McDonald says these attacks can be successful because of the emails’ sense of familiarity.

“Staff click on it thinking they’re doing the right thing, and as it’s an invoice email it commands a sense of familiarity,” McDonald says.

“Due to the nature of the virus, it can have an immediate impact on the business.”

The downloaded Trojan can come in many forms, but McDonald says this particular attack seems to be after businesses credentials. He also warns of “Cryptolocker” software, which can steal businesses data and hold it at ransom.

Businesses that think they have been affected by this scam or one similar should take immediate action, and McDonald says data backups are essential.

“If it’s a cryptolocker attack, determine if your business has sufficient backups so you don’t have to pay the ransom,” he says.

“If it’s after your credentials, it’s essential to have someone reputable and qualified to look into protecting your data.”

McDonald also recommends using a comprehensive antivirus system.

Economic impact on businesses

Last year, these type of attacks cost Australians upwards of $15 billion, and McDonald says businesses need to “step things up”.

“The economic impact on businesses is enormous. Not only can your financial details be compromised, but the time spent fixing the issue is delaying business as usual,” he says.

MailGuard says it has begun to work with large companies like Microsoft to take steps towards protecting Australia’s SMEs.

“If a SME gets impacted by a scam like this one, there is a 60% chance that that business could be closing its doors in a few months,” he says.

MailGuard advises if a business receives an email that seems suspicious, the best way to determine its legitimacy is its sending address. Hovering over the address will provide extra information such as the sending domain, which will usually have errors or be otherwise incorrect.