Intuit’s popular QuickBooks program can make receiving payments from clients much more convenient and easier for many small to medium sized business owners by allowing the user to send invoices via email. Making, sending, receiving, and tracking the invoice can all be done in one place electronically, which may be very appealing to many people. And, although the security of the QuickBooks program itself has not shown any issues, many phishing criminals are now targeting its email invoice function to create business email compromise (BEC) scams.
In other words, some scammers have begun to send fake emails that seem to be from QuickBooks vendors to create payment scams. The scam emails usually appear as if they are legitimate emails, and can even include real names, logos, etc. Although these emails can be hard to spot, it is extremely important that the person receiving the email does not interact with it. If the user is not careful and falls for a fake email, they will send an invoice payment to the scammer. In some cases, the phishing emails will request that the payment be initiated using the automated clearing house method (ACH), which will require the payee to input their banking information. If the user does so, the phishing criminal will then have access to their bank account details. Both scenarios can turn into major headaches for the victims of these scams.
Identifying Fraudulent Emails
So, how can you tell the difference between a phishing scam email and a legitimate one? One major red flag would be if the company in the email or the email sender is not one that you recognize. That is the quickest way to identify a scam email. According to Intuit, their emails will always originate from either @intuit.com, or @e.intuit.com. They also state that QuickBooks should never ask for your personal information in an email, so any requests for personal information in a QuickBooks email would be a huge indicator of a potential scam email.
Another method would be to check the URL that is linked to the ‘review and pay’ button in the email. You can typically do this by hovering your mouse arrow over the button. The URL link associated with the button will appear. If the link domain matches the domain that the email originated from, that is a good indicator that the email is real and safe. Further, if the URL includes intuit.com, it is most likely a legitimate payment request generated through QuickBooks.
Additionally, QuickBooks will most likely address the recipient of their email by name. If the email starts with something like ‘Dear Client,’ it is probably not a legitimate email. Plus, QuickBooks email invoices will include a detailed, itemized PDF version of the invoice. Scam emails may either not include a PDF version or include a fake invoice that could be very vague or generic.
If your business works with an IT partner like Blue Oak, they will also be able to tell you whether an email is real or fake.
Be Careful And Stay Educated
If you suspect that an email you have received may be a scam email, do not hesitate to contact the vendor that it is supposedly coming from through a different email or trusted alternate communication method to inquire about any unexpected or suspicious bills. They will be able to give you reliable information on whether the email is legitimate or not. You can also check Intuit’s website for any reports of fraudulent activity from other users.
Also, remember, this is just one of the many known QuickBooks related scams. Always use caution when any source is asking for payment or banking information, account details, personal information, or any other information that may allow someone to compromise your accounts, computers, or your business. No matter the circumstances, it is always smart to verify the legitimacy of anyone who may be dealing with sensitive information. Education and awareness are crucial to the prevention of these scams.
Check out our previous post: The Benefits of a Security Camera System for Businesses
