Malicious email claiming to be Quickbooks invoice attempts to install malware

ByCraig Haley

Scammers are trying to trick email users into infecting their devices with malware by opening an email attachment disguised as an invoice or receipt for QuickBooks.

Email users may receive the following email (or similar looking email) claiming to contain a purchase order, invoice or receipt for a purchase of QuickBooks. The email will contain an attachment for the email user to open.

SCAM
Type of Scam: Malicious email attachment attack
Attack Type: Microsoft Office “macro” malware
Social Engineering Technique: Attached invoice/receipt/purchase order

An example of the email is below.

Please find our purchase order attached to this email.
Thank you for your business – we appreciate it very much.
Sincerely,
————————- Sales Receipt Summary —————————
Receipt # : 7149
Receipt Date: 10/27/2021
Total: $3,961.00
The complete version has been provided as an attachment to this email.

QuickBooks is a legitimate accounting software package developed by the company Intuit. However this email has nothing to do with QuickBooks. It was sent by cybercrooks and is a malicious email attachment scam, designed at tricking email users into opening dangerous email attachments.

Those who are not customers with QuickBooks may be tempted to open the email attachment as a way of determining why they have been billed for a product they don’t use. Customers of QuickBooks may open the email attachment assuming it is a genuine purchase order or invoice.

The attachment in this case is a malicious Excel file. Within the Excel file are pieces of code called Macros. Macros can be coded by third parties, including cybercrooks and are thus capable of infecting a device with malware. Microsoft Office programs like Excel will consequently disable Macros by default until a user enables them, meaning such attacks rely on a user enabling Macros after opening an infected Excel document.


Sponsored Content. Continued below...




More on how Macro malware scams work can be found here.

If a user believes the email is genuine and opens the attached Excel file, and enables Macros, they will infect their computer with malware.

Emails that claim you have been billed for something and offer an invoice or receipt is a common social engineering trick to lure email recipients into opening dangerous email attachments, on the belief they have been billed for something they did not order.

  • Don’t open any email attachment from an email you were not expecting or appears suspicious, even if you appear to know the sender.
  • Be especially cautious of emails claiming to have an invoice, receipt or purchase order for an order you have no knowledge of.
  • If an email attachment contains an Office document (Word, Excel etc.) and that file asks you to “enable content” (i.e. enable Macros) then this is a sign that Office document may harbour malware.
  • Always have reliable security software installed on all your devices. Our recommendations are here.

Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)