Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact
Bookmark and Share

Issue 127 - March 2012 (2nd Edition) - Page 3 Malware Emails

Issue 127 Start Menu

Previous Article            Next Article

Messages purporting to be from financial software provider Intuit claim to contain information about a recent order and urge recipient to click a link to download a full invoice.

Brief Analysis
The messages are not from Intuit. Links in the bogus messages open websites that contain malware.

Bookmark and Share
Detailed analysis and references below example.

Last updated: 14th March 2012
First published: 14th March 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer

Subject: Your invoice.

Dear Sir/Madam:

Thank you for submitting an order with Intuit Market. We have received it and will send you an e-mail when your order ships. If you ordered multiple items, we may send them in more than one shipment (at no extra cost to you) to ensure quicker delivery.

If you have questions about your order, please call

Please download your complete order
id #306261162092 information at Intuit small business website.

NEED HELP? Email us at [removed].
Call us at [removed].
Reorder Intuit Checks Quickly and Easily starting with the information from your previous order.

To help us better serve your needs, please take a few minutes to let us know how we are doing.

Submit your feedback here.

Thanks again for your order,
Intuit Market Customer Service

Intuit Malware Email

Detailed Analysis
A series of fake emails that falsely claim to be from financial software provider Intuit have been distributed to people all over the world in recent weeks. The emails, which supposedly contain information about a recent order, invite recipients to click a link to download full details about the transaction. Subject lines and details about the supposed order vary in different incarnations of the message. To further the illusion of legitimacy, the fake emails come complete with the Intuit logo and colour scheme.

Links in the messages open compromised websites that harbour various exploits. Those who fall for the ruse and follow the links may inadvertently download and install malware on their computers. When a user clicks a link, he or she will receive a message in their browser window asking them to wait while the page loads. However, rather than loading an Intuit invoice as expected, the page actually loads the malicious payload.

Intuit has published a warning about the emails on its website which states:
Fake Email: Intuit order confirmations

People are receiving an email entitled "Your order confirmation." There are a number of variations to the fake email, including, but not limited to the following subject lines: "Your QuickBooks software order," "Your order," "Your order status," "Your order confirmation," "Your invoice," "Please confirm your invoice."
If you receive one of the fake emails, do not click on any links or open any attachments that it may contain.

Bookmark and Share References
Intuit spam loads malware
Your order confirmation /
Fake Email: Intuit order confirmations

Previous Article            Next Article

Issue 127 Start Menu

Pages in this issue:
  1. Pointless and Exploitive 'Share if You Are Against Child Abuse' Facebook Post
  2. Little Girl With Huge Belly Facebook Donation Hoax
  3. Malware Emails
  4. BlackBerry Messenger Resend to Save Account Hoax
  5. Friend Request Facebook Ban Warning
  6. Arwa Has Now Been Found - Help find Missing Girl Arwa Message
  7. Hoax - Nagasaki Arch Survives Both Atomic Bomb and Tsunami
  8. Pharmacy Spam Emails Purport to be From YouTube
  9. False Warning - Do Not Add 'Jason Lee' Because Its a Virus
  10. 'Wolf' Slaughter Protest Message
  11. Fake Three Headed Snake Image
  12. False Warning - Facebook Will Soon Require Social Security Numbers When Users Login
  13. Advance Fee Scam - British National Lottery Promo Programme
  14. Invitation FB Olympic Torch Virus Hoax