New Phishing Attack Exploits Real Quickbooks Email Domain Using Dark Web Double Spear Techniques: Avanan

Avanan has released its newest attack brief that reveals its cybersecurity researchers have observed a new phishing campaign in which hackers are creating email accounts using legitimate QuickBooks domains to send malicious invoices via requesting payments directly from the service. 

In this attack, the hacker spoofed brands including Norton and Office 365 in the body of the message. Between built-in legitimacy of actual Quickbooks email to what hackers on the dark web call a double spear, this new attack represents a particularly deceptive and compelling phishing campaign by manipulating the victims into calling a number and paying an invoice to harvest not only credentials but also their telephone numbers for future attacks, whether it’s via text message or WhatsApp.   

Avanan’s new research analyzes how hackers leverage legitimate and popular websites to get into inboxes and steal credentials and money. You can read the report here.

Leave a Reply

%d bloggers like this: