Tax Accounting Software Falls Prey To Scam

Tax Accounting Software Spoofed


Tax Accounting Software Misused for Phishing Scam, CEOs Under Threat

A multi-national cyber organization has uncovered a large-scale cyber-attack that bears all the hallmarks of a phishing attack. Executives in posts as high as CEO are becoming targets. A tax accounting software called QuickBooks was misused to target employees in a technology company. With tax deadlines fast approaching in the West, taxation was a potent ruse to draw the CEO in.

Technology Companies: A Favourite of Phishers?

Targeted phishing, or spear phishing, is a relatively high-risk operation for cyber criminals. It’s not like ransomware, where they have the upper hand. They are looking for maximum profits from the least possible phishing activity. This is different from bulk mail phishing, where the criminals collect a big bunch of email addresses and hope to catch as many fish as possible in their wider net. Spear phishing usually occurs after studying an organization and waiting for a possible way in. Technology companies are used to sending frequent and large bills to their associates, partners, vendors and other business people. Being in technology themselves, these organizations rely more heavily on e-invoicing than other businesses. A single phishing attack on a large technology corporation will fetch more bucks than, say, one on an individual or a business which does not engage in email communication as much.

Details of the Phishing Case

This attack transpired in two waves. In the first wave, the criminals spoofed the tax accounting software’s email address (quickbooks@notification.intuit.com) and sent a tax-related document to the CEO of the organization concerned. Like a genuine email from QuickBooks, it was carefully structured and filled with taxation jargon to make it seem legitimate. The email contained a Word document attachment, which looked as normal as any other document except that it contained macro code that released the malware on the CEO’s system. It later became clear that not just the CEO, but other high-level executives had also become victims. The connection between the CEO and these employees became apparent when the company realized all of these employees had access to certain confidential information. The phishing attack had been an effort to reach this piece of information.

But it didn’t stop there. In the second wave, the criminals managed to spoof an accountant’s software. The criminals took a break of one month, possibly to throw off suspicion. After that, the company took another hit. This time, using the accountant’s ID, an email was sent asking the CEO to enter his credentials for a phony Skype conversation. The email even contained a voice note, in an attempt to establish the authenticity of the request. It just goes to show how bold the criminals can get.

Afterward, it became clear that the first wave intended to locate sensitive information, and the second one to get the CEO’s credentials.
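A receiving mail gateway can check for both first-wave traits described above: a brand sender address that did not pass DMARC, and an attachment type that can carry macros. The following is an added example, not code from the company or any vendor mentioned here; the `victim.example` addresses, the trusted server name `mx.victim.example`, the finding labels and the sample message are constructed assumptions.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Office file types that can carry macros (legacy binary and macro-enabled formats).
MACRO_CAPABLE = (".doc", ".docm", ".dot", ".dotm", ".xls", ".xlsm", ".ppt", ".pptm")

def domain_of(address):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(str(address or ""))[1].rpartition("@")[2].lower()

def dmarc_verdict(msg, trusted_authserv):
    """DMARC result stamped by our own MTA; results from other servers are ignored."""
    for header in msg.get_all("Authentication-Results", []):
        clauses = [c.strip() for c in str(header).split(";")]
        if clauses[0].lower() != trusted_authserv:
            continue  # anyone can add this header upstream, so trust only ours
        for clause in clauses[1:]:
            key, _, value = clause.partition("=")
            if key.strip().lower() == "dmarc" and value.split():
                return value.split()[0].lower()
    return "none"

def triage(msg, brand_domains, trusted_authserv):
    """Return a list of findings for one parsed message."""
    findings = []
    if domain_of(msg["From"]) in brand_domains and \
            dmarc_verdict(msg, trusted_authserv) != "pass":
        findings.append("brand-sender-not-authenticated")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_CAPABLE):
            findings.append("macro-capable-attachment:" + name)
    return findings

def sample_message(dmarc):
    """Constructed sample modelled on the first wave; not a captured message."""
    m = EmailMessage()
    m["From"] = "QuickBooks <quickbooks@notification.intuit.com>"
    m["To"] = "ceo@victim.example"
    m["Subject"] = "Tax document"
    m["Authentication-Results"] = (
        f"mx.victim.example; spf=fail; dmarc={dmarc} header.from=notification.intuit.com")
    m.set_content("Please review the attached document.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="msword", filename="Tax_Notice.doc")
    return m
```

A macro-capable attachment alone is only a weak signal, since legitimate mail carries such files too; the combination with an unauthenticated brand sender is what warrants quarantine.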

What Stopped the Attack?

The traditional, preliminary email protection systems in place failed in the face of the attack. The company’s advanced, AI-based email security system identified and mitigated the attack, and thankfully prevented further damage. But the perpetrators are still at large. As it is tax season in the West, it is likely the attacks will continue, using other tax accounting systems like QuickBooks.

What should you do?

Although it is not the tax period here in India, there are innumerable current happenings that hackers will misuse. As we discussed in our earlier blog, COVID is the hot topic right now and is a phishing favorite. In these cases, it is better to partner up with a strong security firm. You can let their tough, modern security solutions handle email threats.

If you are looking for a security provider, we can help. Our Email Advanced Threat Protection service handles all known and unknown malware, spear phishing, BEC attacks and other threats. Do what’s smart, and enjoy overall security.
