aoger.blogg.se - march 2023

QuickBooks is a trusted domain–static Allow Lists will let it fly into the inbox. All they have to do is create an account on QuickBooks, which is simple to do. In this case, hackers are using the actual domain of QuickBooks to get into the inbox. This has manifested itself in hackers hosting phishing content on sites like Milanote. These static lists are continually pilfered by hackers. Organizations can’t block Google, so Google-related domains are allowed to come into the inbox. The idea is to take advantage of the fact that these popular websites are on static Allow Lists. Over the years, we’ve seen this across many popular brands, such as Microsoft, Google, Walgreens, DHL, Adobe and many more. This process is not unique to QuickBooks. By using a legitimate domain–in this case, QuickBooks–it offers a trusted domain by which to send phishing emails. Hackers, particularly on the dark web, are using a combination of social engineering and legitimate domains to extract money and credentials from end-users. Note that the number is one associated with such scams, and the address doesn’t correlate with a real one. When calling the number provided, they will ask for credit card details to cancel the transaction. It presents an invoice and encourages you to call if you think there are any questions. That is because the hackers have signed up for a QuickBooks account, and are sending an invoice from that account.

The email comes from a QuickBooks domain. In this attack, hackers are presenting what looks like an invoice for Norton. In this attack, threat actors are using the legitimacy of QuickBooks to get into the inbox.

Techniques: Brand Impersonation, Double Spear.

In this attack, hackers are creating accounts in QuickBooks, and then sending malicious invoices and requests for payments directly from the service. In this attack brief, Avanan will analyze how hackers are leveraging legitimate and popular websites to get into inboxes and steal credentials and money.

The hackers send the email from QuickBooks’ domain, using a free QuickBooks account that they have signed up for, with the email body spoofing brands like Norton or Office 365. Starting in May 2022, Avanan researchers have observed hackers using the domain of QuickBooks––to send malicious invoices and request payments. This refers to the practice of hackers utilizing websites that are on static Allow Lists to get into the inbox.

That’s not necessarily important what is important is leveraging the legitimate service. The content of the email may differ from the services that the domain offers. By leveraging the legitimacy of a trusted domain, security solutions are more likely to view the email itself as legitimate. Hackers continually impersonate trusted brands to get into the inbox.