Spear Phishing E-mail Strikes ‘QuickBooks’ Users

According to a warning released by Intuit, people using its well-known accounting software 'QuickBooks' are being targeted with a personalized e-mail in a new spear phishing attack. The warning has arrived through the company's official website.

The phishing message states that just as it happens with numerous organizations that store massive databases, a recent hacking assault has targeted Intuit as well. Consequently, certain personal and contact information have been compromised, consisted of QuickBooks names, phone numbers and e-mail addresses.

Moreover, the message tries to appear legitimate and authentic. It tells recipients that as soon as Intuit became aware of the data infringement incident, the company began an investigation to fix the problem. It then states that Intuit is keeping track of any unauthorized dealing with its stored information, and hasn't found any misuse of existing data.

Additionally, the e-mail tries to dupe recipients (the QuickBooks customers) and infect their computers. Thus, it states that recipients should download and execute a "QuickBooks Update" that turns out to be a malware-installing program.

It is not uncommon for QuickBooks and other users of Intuit to be hit by bogus e-mails.

Consequently, Intuit cautions customers that if they find a suspicious or unsolicited e-mail in their inbox, then they should ignore any given attachment. Scam e-mails could carry malicious links that take users to websites which ask for their login as well as account details. To check whether a web-link is genuine or not, a user may place his mouse's arrow on it, and then see for the hidden URL address inside the browser's bottom portion. If the web-link is false, then the hidden address would appear different, Intuit tells consumers.

Intuit also says that any consumer getting such a fake e-mail can inform the company by forwarding the message to security@intuit.com, Intuit's help-desk.

Finally, security researchers stated that for theft of identity, personalized phishing e-mails prevailed in early part of 2009. Other conventional phishing scams are also occurring towards the end of the year, but the attack against Intuit is yet another turn in e-mail attacks.

Related article: Spyware Detection Programs Track Advertisers’ Cookies

» SPAMfighter News - 12/17/2009