Hackers Using Free QuickBooks Account to Create, Send Fake Invoices

This phishing attack brings a one-two punch to victims.

Edward Gately, Senior News Editor

April 6, 2023

6 Slides

A new phishing scheme has surfaced during the 2023 tax season in which hackers are creating a free QuickBooks account and using it to send fake invoices.

That’s according to Avanan, a Check Point Software Technologies company. It refers to the scheme as business email compromise (BEC) 3.0. It already uncovered this scheme in PayPal, Google and more.

QuickBooks is an accounting software package developed and marketed by Intuit.

In this attack, hackers send a fake invoice from a legitimate QuickBooks domain. This email comes directly from QuickBooks and has a QuickBooks email address. It will pass all standard email authentication checks, domain checks and more. There’s nothing inherently wrong with the text and no malicious links.


Avanan’s Jeremy Fuchs

Jeremy Fuchs, Avanan‘s marketing content manager, said in BEC 3.0, “all the typical phishing hygiene tricks are thrown out the window.” He provided as an example a fake invoice for Norton Lifelock.

“You can’t see a discrepancy in the sender’s address,” he said. “The links are legitimate. The spelling and grammar are on point. You may question why they’re asking for a Norton Lifelock payment, but plenty of people use Norton Lifelock. And that goes for both consumers and businesses. In short, users have to scrutinize this email incredibly carefully. And let’s be honest, how many end-users do that? This requires a new wave of education for users. Hovering over links isn’t as helpful. Now users have to be wary of all links. This requires a whole new approach.”

It’s “super easy” to create and send an invoice using a free account in QuickBooks, Fuchs said.

Scroll through our slideshow above for more about this QuickBooks invoice phishing scheme.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like