The NJCCIC also observed phishing emails with Intuit-themed lures sent to New Jersey State employees attempting to harvest account credentials. The sender’s display name impersonates the legitimate Intuit QuickBooks brand; however, upon closer inspection, it displays “Intuit Quickbooks.Online,” and the sender’s email address is a Gmail account. The subject line conveys a sense of urgency with “Action Required: New Pending Payment” to convince the target to click on the PDF attachment for further information. If clicked, the target is directed to a newly registered phishing website that contains Intuit branding and is flagged as malicious in VirusTotal. If the account credentials are entered, they are sent to the threat actors in the background.
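The indicators described above (a brand display name on a non-brand sender domain, a free-mail address, an urgent subject, and a PDF attachment) can be checked together at a mail gateway or during triage. The following is an added example, not NJCCIC code; the keyword lists, the `intuit.com` allow-list entry, the function names, and both sample messages are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr

BRAND_KEYWORDS = ("intuit", "quickbooks")
BRAND_DOMAINS = ("intuit.com",)        # assumption: replace with verified sender domains
FREEMAIL_DOMAINS = {"gmail.com"}       # the advisory names Gmail; extend as needed
URGENCY_TERMS = ("action required", "pending payment")

def triage(msg):
    """Return the advisory's indicators that are present in one message."""
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    # Exact match or true subdomain only, so "notintuit.com" does not pass.
    on_brand = any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)
    hits = []
    if any(k in display.lower() for k in BRAND_KEYWORDS) and not on_brand:
        hits.append("brand-display-name-mismatch")
        if domain in FREEMAIL_DOMAINS:
            hits.append("brand-name-on-freemail")
    if any(t in str(msg.get("Subject", "")).lower() for t in URGENCY_TERMS):
        hits.append("urgent-subject")
    if any(p.get_content_type() == "application/pdf" for p in msg.walk()):
        hits.append("pdf-attachment")
    return hits

def sample(from_hdr, subject, with_pdf):
    """Build a constructed test message (not a captured email)."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = from_hdr, subject
    msg.set_content("See attached.")
    if with_pdf:
        msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                           subtype="pdf", filename="payment.pdf")
    return msg

# Constructed samples: one shaped like the lure in the advisory, one benign.
LURE = sample('"Intuit Quickbooks.Online" <billing.example@gmail.com>',
              "Action Required: New Pending Payment", True)
BENIGN = sample('"Intuit QuickBooks" <notice@intuit.com>',
                "Your monthly statement", False)

if __name__ == "__main__":
    for name, m in (("lure", LURE), ("benign", BENIGN)):
        print(name, triage(m))
```

The display-name check relies only on the `From` header, which a sender controls, so treat a clean result as absence of these specific indicators rather than proof of legitimacy.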
The NJCCIC recommends users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to refrain from responding to unsolicited communications, opening attachments, or clicking links from unknown senders, and to exercise caution with communications from known senders. If unsure of the legitimacy, contact the sender via a separate means of communication, such as by phone, before taking any action. Phishing emails and other malicious cyber activity can be reported to the FBI Internet Crime Complaint Center (IC3) and the NJCCIC.