Cyber scam targets small businesses through their accounting software.
Authored by: Jim Stewart, Founder DocuSend, powered by MTI.
Last Modified: April 02, 2020
This clever new phishing scam is one of many fraudulent attempts to con small businesses through their accounting software. With COVID-19 and more employees working from home, there has been an increase in phishing and other cyber threats. This particular rip-off targets QuickBooks users, but it could apply to any software. The Better Business Bureau’s website explains how the scam works:
The business receives an email containing the subject line ''QuickBooks Support: Change Request.'' The message is ''a confirmation'' that you changed your business name with Intuit, QuickBooks' manufacturer. You think it must be a mistake, because you never made such a request. You're grateful to see the email contains a link to cancel.
The link is just bait. Clicking it will install malware on your device, capturing your passwords and hunting for sensitive information. In other words, they get the keys to steal your company's identity.
The BBB also gives a few basic tips on how to protect yourself from cyberthieves:
- Check the reply email address. The address should be on a company domain, such as firstname.lastname@example.org.
- Check the destination of links: Hover the cursor over links to see where they lead. Be sure the link points to the correct domain (www.companyname.com), not a variation such as companyname.othersite.com or almostcompanyname.com.
- Consider how the organization normally contacts you. If an organization normally reaches you by mail, be suspicious if you suddenly start receiving emails or text messages without ever opting in to the new form of communication.
- Be cautious of generic emails. Scammers try to cast a wide net by including little or no specific information in their fake emails. Be especially wary of messages you have not subscribed to or companies you have never done business with in the past.
- Don't believe what you see. Just because an email looks real, doesn't mean it is. Scammers can fake anything from a company logo to the "Sent" email address.
As global cybercrimes continue to increase, U.S. firms are relentlessly pressured to update their security systems to keep ahead of these criminals. It’s even worse for consumers of small businesses. In many cases, consumers just don't have the time or resources to protect themselves.
Protection against cybercrimes is the central reason more and more consumers don't want their bills and legal documents sent to their personal email addresses. Residential customers across multiple generations, as well as many businesses, prefer the U.S. Postal Service to deliver their bills and invoices, and the easiest and most cost-effective way to mail them is to use DocuSend, the cloud-based mailroom. From a security perspective, it's an unbeatable combination. The USPS is protected by more than 200 federal laws, and using DocuSend is faster than buying a stamp!
For more information on email security best practices, read these tips from CapstoneIT.