Scammers are trying to trick email users into infecting their devices with malware by opening an email attachment disguised as an invoice or receipt for QuickBooks.
Email users may receive the following email (or similar looking email) claiming to contain a purchase order, invoice or receipt for a purchase of QuickBooks. The email will contain an attachment for the email user to open.
Type of Scam: Malicious email attachment attack
Attack Type: Microsoft Office “macro” malware
Social Engineering Technique: Attached invoice/receipt/purchase order
An example of the email is below.
Please find our purchase order attached to this email.
Thank you for your business – we appreciate it very much.
Sincerely,
————————- Sales Receipt Summary —————————
Receipt # : 7149
Receipt Date: 10/27/2021
Total: $3,961.00
The complete version has been provided as an attachment to this email.
QuickBooks is a legitimate accounting software package developed by the company Intuit. However this email has nothing to do with QuickBooks. It was sent by cybercrooks and is a malicious email attachment scam, designed at tricking email users into opening dangerous email attachments.
Those who are not customers with QuickBooks may be tempted to open the email attachment as a way of determining why they have been billed for a product they don’t use. Customers of QuickBooks may open the email attachment assuming it is a genuine purchase order or invoice.
The attachment in this case is a malicious Excel file. Within the Excel file are pieces of code called Macros. Macros can be coded by third parties, including cybercrooks and are thus capable of infecting a device with malware. Microsoft Office programs like Excel will consequently disable Macros by default until a user enables them, meaning such attacks rely on a user enabling Macros after opening an infected Excel document.
Sponsored Content. Continued below...
More on how Macro malware scams work can be found here.
If a user believes the email is genuine and opens the attached Excel file, and enables Macros, they will infect their computer with malware.
Emails that claim you have been billed for something and offer an invoice or receipt is a common social engineering trick to lure email recipients into opening dangerous email attachments, on the belief they have been billed for something they did not order.