Cybercriminals Using Quickbooks to Send Invoices to Scam Users
CCR Data Center, Indianapolis, Indiana, February 8, 2022 1600 hrs
This is a CTAS notification alert from CCR Technology Partners. CCR’s Security team has received reports of cybercriminals using QuickBooks’ ability to send invoices via email to scam users.
This QuickBooks feature allows users to click on a “Review and pay” button in the emailed invoice to pay it. Unfortunately, cybercriminals are using the popularity of QuickBooks and this feature to send phishing emails that appear to be coming from a legitimate vendor using Quickbooks, but any payments made will be going to the scammer. Additionally, many of these scams can require the targeted payee use the ACH method of payment which requires a payee to provide bank account details, allowing this critical information to potentially fall into the hands of cybercriminals.
Additionally, legitimate QuickBools email payments can request this information. If users are unsure of the legitimacy of a QuickBooks invoice, the best course of action would be contact the alleged sender of the QuickBooks invoice via phone to confirm the legitimacy of the invoice.
The CCR CTAS Notification System was created to keep you informed of possible threats to your corporate network environment.
Call the CCR Helpdesk at (317) 842-1754 or visit www.GoCCR.com if you need further information.