If you’re a QuickBooks user, you may see an email with the subject line, “QuickBooks Support: Change Request”. This is yet another attempt by cybercriminals to trick you into clicking on a link or opening an attachment that downloads malicious software on to your computer or network.
These attacks usually use fear tactics to lure unsuspecting users into doing what they want, and this attempt is a perfect example. The message claims to be from Intuit, claiming that your business has changed its name and asking you to click on a hyperlink to cancel the request. If you do so, then you’ve opened up your system to the bad guys.
Phishing attacks are becoming more and more sophisticated and credible, with company logos and reasonable sounding requests. To determine whether a message is legitimate, check the following:
- Does the message make sense? If you’re not a QuickBooks user, obviously this one’s not intended for you. Likewise, if you receive a shipping notification from FedEx or UPS but you’re not expecting a shipment, proceed cautiously.
- Does this sender usually communicate by email? For example, the IRS will never email a penalty notice, but will send it by snail mail. Consider how you’re usually contacted and whether this is an unusual request.
- Does the message use language intended to cause panic? Messages that tell you to “act now or else” should alert you that the sender might have an ulterior motive.
- Check the sender’s email address and hover over any links to view where the URL goes. Be sure it’s the correct domain name instead of one with a similar-sounding name.
Phishing emails are used by the bad guys to obtain passwords, steal identities, and hold company information for ransom. Don’t be a victim!