Small businesses in Australia using QuickBooks‘ cloud accounting solutions are being urged to back up their data after revelations of an email scam.
Reports on Thursday (Sept. 15) said email security service MailGuard has identified a business email scam reaching QuickBooks’ SME customers, sending fake invoices and seeking payment. The email contains a link to a website that automatically downloads a Trojan virus to users, reports said.
Like most business email scams, the requests for payment seem legitimate to recipients. Reports said the emails contain QuickBooks’ logo, and the sender’s address mimics a QuickBooks address.
“Intuit is aware of this email, and we advise all customers to send any suspicious emails directly to email@example.com,” said Intuit Australia Vice President and Country Manager Nicolette Maury in a statement. She also pointed SMEs to a page on the Intuit site where users can report security concerns.
Reports said that actual invoices sent via QuickBooks don’t contain the QuickBooks logo, and invoices are sent as a PDF attachment to emails; QuickBooks users don’t need to click on any links.
According to MailGuard, this round of email scams is “an unusually persistent and evolving attack,” with the scam having roots in multiple sending email addresses. The company added that the attacks have been strengthening in the last few years.
“In the last 24 months, cybercriminals have been ramping up their attacks, and now, they’re targeting brands that businesses know and trust,” said MailGuard Chief Executive Craig McDonald in an interview with SmartCompany. “Staff click on it thinking they’re doing the right thing, and as it’s an invoice email, it commands a sense of familiarity.”
According to reports, business email scams cost SMEs in Australia more than $11 billion in 2015 alone.