Users of the Intuit Quickbooks accounting software package are being targeted by scammers. Emails have been sent to users of the software warning them that they need to update their web browsers for ‘the best online experience’. They are issued with this news via an email with the heading ‘Intuit Security Warning’.

web protection

Spam email campaigns often urge users to make urgent changes to address security flaws and contain stern warnings to urge users to take action quickly. Often a threat is included or a very short timescale is given for action to be taken. While this email is sent with the subject of ‘Intuit Security Warning’, it looks fairly innocuous. There is no threat, it is well written and has appropriate branding. The email is sent from a credible email address at support.intuit.com and is sent to a “newsletters” email group. This Intuit security warning does not appear to be a phishing email.

The reason given for a web browser update is Intuit is performing an update on November 5, 2015. There is no warning that failure to update browsers will have any ill effects other than the service provided would not be optimal. This is what makes this email scam particularly dangerous. The Intuit security warning email would be unlikely to set alarm bells ringing with users of the software.

Intuit Security Warning email contains link to trojan downloader

If users hover their mouse arrows over the link contained in the email it reveals the true web address. This is not the Intuit website, although the link is credible. Clicking the link will launch a browser window that will display a browser update page that looks exactly as it should. The user will be told that their browser is out of data and should be updated.

A message window will then be launched offering a zip file download, which is also appropriately named based on the default web browser used on the device: FirefoxUpdate.zip for example.

However, the zip file contains malware that will be installed on the user’s device. Even downloading the file is unlikely to set any alarm bells ringing. The scam has been developed to appear perfectly normal. Users are highly unlikely to realize they have been fooled into downloading malware.

Consumers and businesses are likely to receive the Intuit security warning email, which should be deleted. The email itself is not malicious and will not infect a device. That requires manual action on the part of the user. However, the email is very convincing and does not follow the format of “typical” phishing emails. As a result, it is probable that many users will inadvertently do as the Intuit security warning email recommends, and will inadvertently infect their devices with malware.

How to keep end users’ devices and networks malware free

Hackers may be developing ever more complex methods of deceiving users and infecting computers, but oftentimes it is the simplest methods that prove to be the most effective. Even security conscious individuals may inadvertently fall for email scams such as this. For that reason, it is important for IT security professionals not to place too much reliance on staff training. There will always be users who fall for phishing campaigns and email scams, and inadvertently install malware on their computers or the network.

There are two highly effective methods that can be used alongside staff training to protect against email scams and phishing campaigns: Anti-spam software and a web filtering solution. Anti-spam software will prevent emails such as this from being delivered to user’s inboxes, while web filtering software will restrict the sites that users can visit. With both installed, IT security professionals can be confident that, even if end users are targeted by hackers or other cybercriminals, the network will remain protected from malware.