Warning: QuickBooks Phishing Campaign Targets Taxpayers

Stu Sjouwerman | Apr 11, 2025

Cybercriminals are capitalizing on tax season by launching phishing campaigns targeting QuickBooks users, Malwarebytes reports.

The attack begins with a malicious Google ad that appears at the top of the page when a user searches for QuickBooks.

The website’s domain, “quicckboorks-acccounting[.]com,” is designed to trick users who don’t closely examine the URL. If a user clicks the link, they’ll be taken to a fake login portal that convincingly spoofs the real Intuit QuickBooks login page.
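A defender can flag domains like this one by comparing each hostname token against the brand names to be protected. The Python sketch below is an added example, not code from Malwarebytes or KnowBe4; the brand list, the allowlist of legitimate domains and the distance thresholds are assumptions chosen for illustration.

```python
import re

# Assumptions for this example: brands to protect and their legitimate domains.
BRANDS = ("quickbooks", "intuit")
LEGIT_DOMAINS = ("intuit.com", "quickbooks.com")


def refang(domain):
    """Normalize a defanged indicator such as 'example[.]com'."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")


def edit_distance(a, b):
    """Levenshtein distance, keeping only the previous row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def squeeze(token):
    """Collapse doubled letters: 'quicckboorks' -> 'quickborks'."""
    return re.sub(r"(.)\1+", r"\1", token)


def lookalike_of(domain):
    """Return the brand a hostname imitates, or None if legitimate or unrelated."""
    host = refang(domain)
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return None
    # Tokens are hyphen-separated pieces of every label except the TLD.
    tokens = [t for label in host.split(".")[:-1] for t in label.split("-") if t]
    for token in tokens:
        for brand in BRANDS:
            limit = len(brand) // 4  # tolerate more edits on longer brand names
            dist = min(edit_distance(token, brand),
                       edit_distance(squeeze(token), squeeze(brand)))
            if dist <= limit:  # dist 0 means the exact brand on a foreign domain
                return brand
    return None


if __name__ == "__main__":
    # The first domain is the one reported above; the others are constructed samples.
    for d in ("quicckboorks-acccounting[.]com", "quickbooks.intuit.com", "example.org"):
        print(d, "->", lookalike_of(d))
```

A check like this fits in a proxy or DNS log pipeline as a triage signal; short brand names need the tighter threshold to keep false positives down.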

While multi-factor authentication offers a crucial layer of defense against account takeover, users should
be aware that attackers can still bypass this measure via social engineering.

“Passwords alone offer a limited level of security because they can be easily guessed, stolen through phishing, or compromised in data breaches,” the researchers write. “It is highly recommended to enhance account protection by enabling a second form of authentication like one-time passcodes sent to your device or utilizing a 2FA app for an extra layer of verification.

“Phishing kits have evolved to become increasingly sophisticated, with some now capable of circumventing one-time passcodes and 2FA. These kits often employ ‘man-in-the-middle’ or ‘adversary-in-the-middle’ (AiTM) techniques.”

In this case, the attackers have set up a fake one-time password (OTP) page, which will immediately transmit the user’s OTP to the attacker.

“When a victim enters their credentials and the one-time passcode on a fake login page created by the
phishing kit, this information is intercepted in real-time and relayed to the attacker,” Malwarebytes
explains. “The attacker can then use these stolen credentials and the valid one-time passcode to log in
to the victim’s account before the passcode expires.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000
organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce
human risk.

Malwarebytes has the story.
