Cybercriminals Carried Out Phishing Attacks By Spoofing Accounting Software Like QuickBooks

Cybercriminals have been using several tactics to compromise their victims. In a recent attack, attackers used spoofing, phishing, CEO-fraud, and other techniques in a single attempt to deploy malware.

What happened

Recently, cybersecurity firm Darktrace spotted a few waves of phishing attacks against a specific organization.
  • The attackers launched two phishing waves targeting the technology company Intuit's platform QuickBooks (an accounting software package), which is in high demand due to the upcoming July 15 tax deadline.
  • In the first wave, the attackers spoofed QuickBooks to send phishing emails, in which they pretended to be from QuickBooks developer Intuit with the address quickbooks@notification[.]intuit.com. The email contained a file attachment (Microsoft Office document) masquerading as a legitimate monthly invoice.
  • In the second attack wave, the attackers compromised the email address of an accountant to send a phishing email directly to the CEO, tricking them into entering their login credentials on a phony Skype page.

Other recent threats to accounting software

Hackers target accounting firms and software to gain privileged access to their clients' most protected sensitive information.
  • In June 2020, vulnerabilities (CVE-2020-2586 and CVE-2020-2587) dubbed "BigDebIT" were found in Oracle's E-Business Suite (EBS). If exploited, they could allow bad actors to target accounting tools such as General Ledger in a bid to steal sensitive information and commit financial fraud.
  • In May 2020, Belgian firm HLB, which has accounting businesses in 130 countries, was hit by Maze ransomware. The attack caused a data leak of business contracts, accounts statements, confidential memos, and other general documents.
  • In May 2019, a cyberattack on Wolters Kluwer, one of the world’s largest accounting software platforms, caused a shutdown of many of its tax and accounting software applications (Taxprep T1, Taxprep T3, CCH SureTax, and CCH Axcess).

Stay safe

Tax professionals should make following best practices a priority. Most such attacks can be prevented with strong passwords, encrypted files, two-factor identification, and careful guarding of account access. To protect against phishing attacks, email-signing certificates, which enable email signatures, can also be helpful.