Researchers at INKY Technology Corp. today detailed a new phone scam variant that uses QuickBooks to trick victims into handing over personal information.

The scam involves scammers setting up free 30-day trial QuickBooks accounts to send invoices to potential victims. The scammers send invoices claiming that the victims have purchased an item and that their credit cards have already been charged. The text in the invoice states that if the targeted victims wish to dispute the charges, they should contact the phone number in the email.

The first-stage trick here is that the scammers are using legitimate QuickBooks accounts and the invoices are made in and sent from QuickBooks, meaning that they appear legitimate. The invoices were found to impersonate brands, including Amazon.com Inc., Apple Inc., Best Buy Co. Inc., PayPal Holdings Inc. and other providers in an effort to make the invoices appear even more legitimate.

Although the emails are sent from QuickBooks, there are some giveaways that all is not as it should be. In various examples, QuickBooks emails referred to Amazon as “Amazn” or “Amzn” to evade detection filters. If victims clicked on a link, they were taken to intuit.com (the parent company of QuickBooks) where the bad actors had created the fraudulent invoice, further adding to the invoice’s apparent legitimacy.
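The giveaways described here can be combined into a mail-triage heuristic: an invoice that arrives from the invoicing platform, names an unrelated consumer brand (including vowel-dropped spellings such as "Amzn"), and pairs charge or dispute wording with a callback phone number. The sketch below is an added example, not code from INKY or Intuit; the sender domain check, the keyword list, the North American phone pattern, the function names and the sample message are all assumptions made for illustration.

```python
import re

# Brands the article lists as impersonated in the invoices.
BRANDS = ("amazon", "apple", "best buy", "paypal")
# Assumptions: QuickBooks mail comes from intuit.com; phones are North American.
PLATFORM_DOMAIN = "intuit.com"
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
LURE_RE = re.compile(r"\b(dispute|charged|refund|cancel)\b", re.I)


def is_variant(token, word):
    """True if token is word itself or word with later vowels left out ('amzn')."""
    letters = iter(word)
    in_order = all(ch in letters for ch in token)  # token is a subsequence of word
    bare = [t[0] + re.sub(r"[aeiou]", "", t[1:]) for t in (token, word)]
    return in_order and bare[0] == bare[1]


def brand_mentions(text):
    """Map each brand found in text to the spellings used for it."""
    tokens = re.findall(r"[a-z]+", text.lower())
    found = {}
    for brand in BRANDS:
        parts = brand.split()
        for i in range(len(tokens) - len(parts) + 1):
            window = tokens[i:i + len(parts)]
            if all(is_variant(t, p) for t, p in zip(window, parts)):
                found.setdefault(brand, set()).add(" ".join(window))
    return found


def triage(sender, body):
    """Return (verdict, reasons) for one message's sender address and text."""
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain != PLATFORM_DOMAIN and not domain.endswith("." + PLATFORM_DOMAIN):
        return "not-applicable", []
    mentions = brand_mentions(body)
    reasons = [f"{b} written as {sorted(s)}" for b, s in sorted(mentions.items())]
    signals = {"callback phone number": PHONE_RE.search(body),
               "charge/dispute wording": LURE_RE.search(body)}
    reasons += [name for name, hit in signals.items() if hit]
    verdict = "review" if mentions and all(signals.values()) else "pass"
    return verdict, reasons


# Constructed sample message, not taken from the INKY report.
SAMPLE = ("quickbooks@notification.intuit.com",
          "Invoice 1042 from Amzn Store. Your card has been charged $499.99. "
          "To dispute this charge call +1 (555) 010-0199.")
```

Because the sending infrastructure is genuine, SPF, DKIM and DMARC results do not separate these messages from real invoices, so the verdict here rests on content signals and is meant to route mail to review rather than to block it.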

If the targeted victim calls the number in the email to dispute the alleged charge, the scammer attempts to extract information from the victim. The information extracted includes login credentials, credit card information and other personally identifiable information. In some circumstances, the victim is directed to a spoof website that then extracts the same sensitive information.

In one particular case, a victim was told on the phone to purchase an Amazon security card to have money refunded. The purchase was made over the phone, with the victim handing over credit card details.

“The effectiveness of these techniques relies on the panic a victim might feel if they received an invoice for goods or services that they did not purchase,” the researchers explained. “The emotional reaction to a notification of this sort can be strong and may impair judgment.”

The natural response, the researchers added, is to get right on the phone and try to back the order out or find a way to obtain a refund. “The phishers take advantage of this disrupted emotional state to extract personal or financial information before the victim realizes that something is off,” they said.

Image: INKY
