ADVERTISEMENT
TechEconomy
Saturday, May 31, 2025
No Result
View All Result
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS
No Result
View All Result
Tech | Business | Economy
No Result
View All Result
Podcast

Home » Avanan Report: Sending Phishing Emails from Quickbooks – What You Should Know

Avanan Report: Sending Phishing Emails from Quickbooks – What You Should Know

Techeconomy by Techeconomy
June 27, 2022
in Security
0

RelatedPosts

Cyberdefence SensePost

SensePost debuts SecDevOps: A developer-oriented Security Training Course

May 29, 2025

Check Point to Acquire Veriti Cybersecurity

May 28, 2025

Hackers continually impersonate trusted brands to get into the inbox. By leveraging the legitimacy of a trusted domain, security solutions are more likely to view the email itself as legitimate. 

The content of the email may differ from the services that the domain offers. That’s not necessarily important; what is important is leveraging the legitimate service. We call this The Static Expressway.

This refers to the practice of hackers utilizing websites that are on static Allow Lists to get into the inbox.

Starting in May 2022, Avanan researchers have observed hackers  using the domain of Quickbooks–quickbooks.intuit.com–to send malicious invoices and request payments.

The hackers send the email from Quickbooks’ domain, using a free Quickbooks account that they have signed up for, with the email body spoofing brands like Norton or Office 365.

In this attack brief, Avanan will analyze how hackers are leveraging legitimate and popular websites to get into inboxes and steal credentials and money.   

Attack

In this attack, hackers are creating accounts in Quickbooks, and then sending malicious invoices and requests for payments directly from the service.  

Vector: Email

Type: Credential Harvesting

Techniques: Brand Impersonation, Double Spear

Target: Any end-user

Email

In this attack, threat actors are using the legitimacy of Quickbooks to get into the inbox.

Email Example #1

QuickBooks
Advertisements
MTN ADS
Avanan Report
Avanan Report

In this attack, hackers are presenting what looks like an invoice for Norton. The email comes from a Quickbooks domain. That is because the hackers have signed up for a Quickbooks account, and are sending an invoice from that account. It presents an invoice and encourages you to call if you think there are any questions. When calling the number provided, they will ask for credit card details to cancel the transaction. Note that the number is one associated with such scams, and the address doesn’t correlate with a real one. 

Techniques

Hackers, particularly on the dark web, are using a combination of social engineering and legitimate domains to extract money and credentials from end-users. By using a legitimate domain–in this case, Quickbooks–it offers a trusted domain by which to send phishing emails. This process is not unique to Quickbooks.

Over the years, we’ve seen this across many popular brands, such as Microsoft, Google,  Walgreens, DHL,  Adobe and many more. The idea is to take advantage of the fact that these popular websites are on static Allow Lists.

Organizations can’t block Google, so Google-related domains are allowed to come into the inbox.

These static lists are continually pilfered by hackers. This has manifested itself in hackers hosting phishing content on sites like Milanote.

In this case, hackers are using the actual domain of Quickbooks to get into the inbox. All they have to do is create an account on Quickbooks, which is simple and free to do. Quickbooks is a trusted domain–static Allow Lists will let it fly into the inbox. 

Once there, they present classic social engineering tactics, such as urgency and monetary damages. By requiring the end-user to call to see what’s going on, the hackers then harvest the phone number, allowing them to use it for future attacks. We call this tactic phone number harvesting.

This attack then presents a one-two punch. The hackers get money, and have a phone number for future attacks, whether it’s via text message or WhatsApp.   

This attack works because of what hackers on the dark web call a double spear:

  • Make the user call the listed telephone number
  • Make the user pay the invoice

Add to the fact that there’s built-in legitimacy since the email comes from Quickbooks and this represents a particularly tricky and effective phishing campaign.  

Best Practices: Guidance and Recommendations

To guard against these attacks, security professionals can do the following:

  • Before calling an unfamiliar service, Google the number and check accounts to see if there were, in fact, any charges
  • Implement advanced security that looks at more than one indicator to determine in an email is clean or not
  • Encourage users to ask IT if they are unsure about the legitimacy of an email

Loading

Author

  • Techeconomy
    Techeconomy

    View all posts
0Shares
Tags: DHLgoogleMicrosoftNorton or Office 365QuickBooksStatic ExpresswayWalgreens
Previous Post

The Time to Unlock Skills Development Potential of 4IR is Now, says PBT Group 

Next Post

New Book Reveals How Atiku, Joda, Ndukwe Saved 2001 GSM License Auction

Techeconomy

Techeconomy

Related Posts

Cyberdefence SensePost
Security

SensePost debuts SecDevOps: A developer-oriented Security Training Course

by Destiny Eseaga
May 29, 2025
0

Orange Cyberdefence SensePost will be launching a new information security training course aimed at enriching software developers with security thinking....

Read more
Check Point to acquire Veriti

Check Point to Acquire Veriti Cybersecurity

May 28, 2025
Autonomous Cyber threats | Nigeria - Transparent Transformation, Bridging digital divide, Nigerian Businesses and cybersecurity by Oluwole Asalu

Nigeria Must Prepare for the Rise of Autonomous Cyber Threats

May 27, 2025
DDoS and NETSCOUT

Nigeria, Mali Lead West Africa in DDoS Attacks for Late 2024, Says NETSCOUT

May 27, 2025
Airtel Photo AI SPAM ALERT - Copyright - Techeconomy

Airtel AI Spam Alert Service Flags 9.6 million Spam Attempts in Two Months

May 26, 2025
Business security by John Mc Loughlin, J2 Software CEO | Honeypot as a Service

Why We Introduced ‘Honeypot as a Service’ – J2 Software

May 20, 2025
Next Post

New Book Reveals How Atiku, Joda, Ndukwe Saved 2001 GSM License Auction

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Techeconomy Podcast

Techeconomy Podcast
Techeconomy Podcast

Infowave is brought to you by TechEconomy. Every week we will bring new stories from startups and influencers who are shaping and changing the world we live in. We’ll also bring you reports on topics you should know.

Follow us @techeconomyng for more.

TECH TALK EPISODE 2
byTecheconomy

PRODUCTIVITY AND WORK-Life Balance

TECH TALK EPISODE 2
TECH TALK EPISODE 2
May 22, 2025
Techeconomy
CYBERSECURITY ESSENTIALS
April 24, 2025
Techeconomy
Digital Marketing Trends and strategies for 2025 and beyond
February 27, 2025
Techeconomy
Major Lesson for Techies in 2024 and Projections for 2025
December 6, 2024
Techeconomy
Major Lessons for Techies in an AI-Driven World | Techeconomy Business Series Highlights
November 26, 2024
Techeconomy
Maximizing Profitability Through Seasonal Sales: Strategies For Success
November 8, 2024
Techeconomy
Techeconomy Business Series
October 15, 2024
Techeconomy
PRIVACY IN THE ERA OF AI: GETTING YOUR BUSINESS READY
May 30, 2024
Techeconomy
Unravel the Secrets of Marketing Everywhere All At Once with Isaac Akanni from Infobip | Infowave Podcast Episode 1
February 9, 2024
Techeconomy
The Role of Ed-tech in Life Long Learning and Continuous Education
October 19, 2023
Techeconomy
Search Results placeholder

WHAT IS TRENDING

https://www.youtube.com/watch?v=g_MCUwS2woc&list=PL6bbK-xx1KbIgX-IzYdqISXq1pUsuA4dz

Follow Us

  • About Us
  • Contact Us
  • Careers
  • Privacy Policy

© 2025 Techeconomy - Designed by Opimedia.

No Result
View All Result
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
      • Accessories
      • Phones
      • Laptop
      • Gadgets and Appliances
      • Apps
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
      • Broadband
    • Mobility
    • Environment
    • Travel
    • Commerce
    • StartUPs
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • Appointment
    • EventDIARY
    • Editorial
  • Apply
  • TecheconomyTV
  • Techeconomy Events
  • BusinesSENSE For SMEs
  • TBS

© 2025 Techeconomy - Designed by Opimedia.

Translate »
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.