Deprecated: Function create_function() is deprecated in /home/hidefide/public_html/blog/wp-content/plugins/wr-pagebuilder/core/core.php on line 127
{"id":450,"date":"2017-10-04T15:21:07","date_gmt":"2017-10-04T15:21:07","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=450"},"modified":"2019-04-17T11:44:25","modified_gmt":"2019-04-17T11:44:25","slug":"spam-campaign-targets-quickbooks-users","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2017\/10\/04\/spam-campaign-targets-quickbooks-users\/","title":{"rendered":"Spam Campaign Targets QuickBooks Users"},"content":{"rendered":"

\"malware_6piyn\"<\/p>\n

Spam campaigns based on tax-related issues are nothing new<\/a>. In fact, there\u2019s a long tradition<\/a> (relative to the lifespan of the Internet) of phishing and malware campaigns that focus on tax time, just when people are freaking out over getting their documents together, bemoaning complex forms that couldn\u2019t be deciphered by a mathematician, and wondering when the pain will end. Capitalizing on people\u2019s fears, it would seem, is good business for spammers.<\/p>\n

Worry not. You haven\u2019t gone to sleep and woken up six months later, only to find you have \u2018til midnight tonight to file your return. It\u2019s still the fall. Tax season is over for the moment. Unfortunately, that doesn\u2019t mean the Internet is a safe place to traverse until spring rolls around.  Spammers and scam artists need to eat, too, and if they have their way, it will be a Merry Christmas indeed for them and not so much for users of the ever-popular QuickBooks accounting software.<\/p>\n

Intuit\u2019s software, used for tax preparation, accounting, billing and financial management, is quite popular with businesses in the U.S. and Canada, and users of the software are prime targets for malicious spam attacks. So it\u2019s not surprising that GFI Labs is reporting that there\u2019s a new email campaign<\/a> targeting users of Quickbooks.<\/p>\n

The campaign, which comes in the form of a phishing email that looks more polished than your average phishing attack, promises free shipping to customers who order tax form kits for their accounting software. To make the message more compelling and believable, the message uses a \u2018special offer code\u2019 and advises users to act quickly, because the offer will expire on December 14.<\/p>\n

The email message also contains several links, all of which deliver their payload when clicked. Clicking a link results in the message \u201cConnecting to Server\u2026\u201d for a few moments before redirecting the poor bugger who clicked it to a website whose IP address, GFI reports, \u201chas been \/ is still associated with Blackhole Exploit Kit and Java exploits<\/a>.\u201d Needless to say, the clicker has now been silently infected with whatever exploits lurk on the link.<\/p>\n

This isn\u2019t the first Quickbooks scam<\/a> that we\u2019ve seen. As stated earlier, users of financial software are prime targets for spammers, and phishing campaigns can be quite lucrative for scam artists when they snare a target. Intuit has even posted tips<\/a> on its website to help users recognize the warning signs of malicious unsolicited emails, but alas, people who go out and find that link have probably already tumbled down the rabbit hole. Whether the campaign offers incentives, such as the free shipping offered in this most recent exploit, or whether it scares users into action<\/a>, the end result can be disastrous.<\/p>\n

Scary Real<\/strong><\/h2>\n

What makes this recent phishing attack scary is how it passes the first glance test. Normally, formatting issues, poor language, and \u2018just plain fake\u2019 queues will tip off even the most uninformed users. This one, however, leads with large, friendly lettering offering ease of use and free shipping, a little technical information that suggests legitimacy (IRS-Approved  2012 W-2 and 1099 Tax Forms), formatting that, even though it lacks a logo for Intuit or Quickbooks, looks professional and clean, and language that appears professional and free of the bad grammar and typos you\u2019d normally expect from a spammer.<\/p>\n

The email doesn\u2019t go out of its way to offer promises of untold wealth to its targets, either, instead pushing what seems like a pretty basic and reasonable incentive. As if a signature on a masterpiece painting, it even provides a small disclaimer at the bottom: \u201c*Free W-3s not available with W-2 Blank Perforated Paper kit orders,\u201d giving it that last little brushstroke of legitimacy and perhaps putting to rest any concerns that a recipient of this email might have.<\/p>\n

Time to Remind Your Users<\/strong><\/h2>\n

No matter how legitimate this beast looks, Christopher Boyd at GFI Labs has the correct advice: \u201cit\u2019s a bad time to be randomly opening dubious emails from complete strangers.\u201d And that\u2019s the point you need to pass on to your users. Humans, by nature, are visual creatures, and although they\u2019ve been trained to spot the fakes \u2013 the crap emails that we\u2019re normally accustomed to receiving \u2013 it may not occur to them that something that looks legit could also be a fake.<\/p>\n

Remind users that anything that finds its way to their inboxes could be a security risk. Just because you\u2019ve opened your front door on a hot day to let the cool breeze in, it doesn\u2019t mean you\u2019re inviting strangers to walk right in.<\/p>\n","protected":false},"excerpt":{"rendered":"

Spam campaigns based on tax-related issues are nothing new. In fact, there\u2019s a long tradition (relative to the lifespan of the Internet) of phishing and… <\/p>\n","protected":false},"author":3,"featured_media":451,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,14],"tags":[11,9,10,8,7],"class_list":["post-450","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-spam","tag-allspammedup","tag-bot","tag-botnet","tag-malware","tag-spam","jsn-master"],"_links":{"self":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/450","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/comments?post=450"}],"version-history":[{"count":3,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/450\/revisions"}],"predecessor-version":[{"id":1786,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/450\/revisions\/1786"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media\/451"}],"wp:attachment":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media?parent=450"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/categories?post=450"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/tags?post=450"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}