Intuit Discovered a New Fake Email Campaign Impersonating It
Hoax-slayer.com published a report on 24th July, 2012 stating "Payroll processing" emails purporting from financial software provider Intuit is presently camouflaged the Internet and targeting innocent Internauts.
Help Net Security reported on 23rd July, 2012 that the fake email addressed to the recipient with the subject matter as "We have acknowledged your payroll dispensing request" and reads: 'Intuit received your payroll on 16th July, 2012 at 1:25 AM pacific time and US$ 6,976.46 will be drawn from bank account number ending with XXXX on 17th July, 2012. Paychecks will be transmitted to your employees' accounts on 17th July, 2012.
The email asks the recipient to download the payroll by clicking on a link.
The email reads: 'As per rule, funds are reserved before normal timing of the bank and therefore you must ensure availability of enough funds by 12 a.m. on the exact date of withdrawal of funds. Intuit must attain your payroll before 5 p.m. Pacific time of two banking days prior to your date of paycheck otherwise your workers will not be remunerated on time. QuickBooks does not practice payrolls on weekends or on federal banking holidays. An inventory of federal banking holidays can be approached at the website of federal reserve.
Certainly, the e-mails are not being sent from the Intuit. In fact, the e-mails are intended to ploy the recipients to download the malware in their personal computers. The crooks hope that the recipients will get panicked and will believe that a lot of money will be drawn from their bank accounts. Hence, they will tick at the link in the email without any consideration which will in fact take them to a negotiated website that harbors malware.
The duped is forwarded to a site that has more information about withdrawal of payroll and is requested to wait till the page is fully loaded. Nevertheless, the page by itself redirects to additional sites where Trojan and other kind of malware may be downloaded to the victim's computer.
Once established, the malware can rob off sensitive information contained in the computer while changing the settings of the computer and attaching to remote servers.
Intuit on its official website warns about the fake email and suggests to send a copy of the email to email@example.com and delete the same.
Related article: Initiation of an Inquiry Committee to Eliminate Malware
» SPAMfighter News - 02-08-2012