People are receiving fake emails with the title Payment Overdue – Please respond | SpamThese mails are coming from firstname.lastname@example.org or Payroll@quickbooks.com , which is not a legitimate email address. Below is a copy of the email people are receiving. The email does not contain a link; however, the email has a .zip attachment that contains malware. Do not open the .zip file.
Sample of what the e-mail might say.
Payroll Reports <email@example.com>
Please find attached payroll reports for the past months. Remit the new payment by 07/07/2013 as outlines under our payment agreement. Sincerely, Leroy Hope This e-mail has been sent from an automated system. PLEASE DO NOT REPLY. CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.
This is the end of the fake email.
- Do not open the attachment in the email.
- Send a copy of the email to firstname.lastname@example.org.
- Do not forward the email to anyone else.
- Delete the email.
On the Internet, “phishing” refers to criminal activity that attempts to fraudulently obtain sensitive information.
Here’s what you can do to protect yourself from a phishing attack:
- If you suspect you have received a phishing email from Intuit, please forward it immediately to email@example.com. We will look into each reported instance.
- Make sure you subscribe to an anti-virus software and keep it up-to-date.
- Make sure you have updated your web browser to one that includes anti-phishing security features, such as Internet Explorer 7 or Firefox version 3 or higher.
- Make sure that you keep up to date on the latest releases and patches for your operating systems and critical programs. These releases are frequently security related.
- Do not respond to emails asking for account, password, banking, or credit card information.
- Do not open up an attachment that claims to be a software update. We will not send any software updates via email.
- Do not respond to text messages or voicemails that ask you to call a number and enter your account number and pin.
- Make sure you have passwords on your computer and your payroll files.
Here are 3 common methods that phishers use in their emails
- Spoofed email address. Don’t reply to unsolicited email and don’t open email attachments. It’s easy to fake a From or Reply To address, either manually or with spam software, so never assume an email is real by looking at its header. You might be able to spot fake addresses by checking for domain name misspellings, but this isn’t foolproof. Some email service providers combat the problem of spoofed addresses by using authentication techniques to verify a sender’s integrity.
- Fake link. When in doubt, never click on a link in an unsolicited or suspicious email. Scam emails can contain a hidden link to a site that asks you to enter your log on and account information. A clue: if the email threatens you with account closure if you don’t log on soon, you could be the target of phishing. You may be able to tell if a link is real by moving your mouse over it and looking at the bottom of your browser to see the hidden Web address – it will look different than the one you see on the surface.
- Forged Website. If you must visit a financial site, like your bank or credit card company, enter its known address into the browser location field manually. Use a browser with an anti-phishing plug-in or extension, like FireFox version 3 or higher or Internet Explorer 7. These browsers warn you about forged, high-risk sites. Phony Web sites mimic real sites by copying company logos, images, and site designs. Malicious webmasters can also use HTML, Flash or Java Script to mask or change a browser address.