Debunking email hoaxes and exposing Internet scams since 2003!


Issue 136 - August 2012 (1st Edition) - Page 14

Intuit "Payroll Processing Request" Malware Email


Outline
"Payroll processing" emails purporting to be from financial software provider Intuit claim that a large amount of money is about to be withdrawn from the recipient's bank account to cover employee paychecks. The recipient is invited to click a link in the message to download payroll details.



Brief Analysis
The email is not from Intuit and the claims in the message are untrue. Those who fall for the ruse and follow links in the email will be taken to a website that harbours information-stealing malware.

Detailed analysis and references below example.





Last updated: July 23, 2012
First published: July 23, 2012
Article written by Brett M. Christensen


Example

From: Intuit Payment Network
Subject: We have received your payroll processing request.

Direct Deposit Service Communication
Information Only

Dear [email address removed]

We obtained your payroll on July 16, 2012 at 1:25 AM Pacific Time.

Funds will be withdrawn from the bank account number ending in: XXXX on July 17, 2012.
Amount to be withdrawn: $6,976.46
Paychecks will be transferred to your employees' accounts on: July 17, 2012
Please download your payroll here.
Funds are as a rule withdrawn before normal banking hours so please make sure you have enough funds available by 12 a.m. on the date funds are to be withdrawn.

Intuit must obtain your payroll by 5 p.m. Pacific time, two banking days before your paycheck date or your employees will fail to be paid on time. QuickBooks does not process payrolls on weekends or federal banking holidays. A list of federal banking holidays can be accessed at the Federal Reserve website.

Thank you for your business.

Sincerely,
Intuit Payroll Services


From: LinkedIn Communication
Subject: Your payroll processing confirmation.

We received your payroll on July 16, 2012at 5:17AM
Pacific Time.Funds will bewithdrawn from thebank account number ending in:
XXXX on July 17, 2012.

Amount to be withdrawn: $7,776.91

Paychecks will be transferred to your employees' accounts on: July 17, 2012 Please
download your payroll here.

Funds are typically processed before normal banking
hours so please make sure youhave sufficient funds available by 12 a.m. on
the date fundsare to be withdrawn.

Intuit must obtain your payroll by 5p.m.Pacific time, two banking days before your paycheck date or your employees
will not be paidon time. QuickBooks does not process payrolls on weekends or
federal banking holidays. A list of federal banking holidays can be downloaded
at the Federal Reserve website.

Thank you for yourbusiness.Sincerely, Intuit
Payroll Services




Detailed Analysis
Bogus emails purporting to be from well-known financial software provider Intuit have been hitting inboxes around the world. The supposed "payroll processing" notifications claim that a large sum of money is set to be withdrawn from the recipient's bank account to cover worker paychecks. The recipient is invited to click a link to download details about the payroll withdrawal.

Of course, the emails are not from Intuit. In fact, the emails are designed to trick recipients into downloading malware to their computers. The criminals responsible for the scam hope that recipients, panicked into believing that several thousand dollars is set to be withdrawn from their bank accounts, will click the link in the message without due forethought. Clicking links in the messages will actually take victims to a compromised website that harbours malware. The victim is taken to a site that supposedly contains more information about the payroll withdrawal and is then asked to wait until the page fully loads. However, the page then automatically redirects to other sites where trojans and other types of malware may be downloaded to the visitor's computer.

Once installed, this malware can change computer settings, steal sensitive information stored on the computer and connect to remote servers.

Intuit has posted a warning about the fake payroll processing emails on its website. Confusingly, while some versions of the scam messages claim to be from Intuit, others purport to be from business social network LinkedIn. The malware emails are similar to another recent attack in which bogus messages claimed to be Intuit order notifications. Those messages also contained links that pointed to information-stealing malware websites.

If you receive one of these bogus Intuit emails, do not follow any links or open any attachments that they may contain.
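
For mail administrators, the traits described above (the shared payroll wording and the sender name that does not match the brand in the signature) can be checked mechanically. The following is an added example, not part of the original article: the sender addresses, the brand-to-domain table and the finding names are assumptions, and the two messages are constructed excerpts of the samples shown on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed sending domains per brand; genuine senders may use others.
BRAND_DOMAINS = {"intuit": "intuit.com", "linkedin": "linkedin.com"}
# Phrases common to both samples; \s* tolerates run-together words.
LURES = {
    "withdrawal_notice": re.compile(r"funds\s*will\s*be\s*withdrawn", re.I),
    "amount": re.compile(r"amount to be withdrawn:\s*\$[\d,]+\.\d{2}", re.I),
    "download_link": re.compile(r"download\s+your\s+payroll\s+here", re.I),
}
# Constructed from the page's samples; sender addresses are placeholders.
SAMPLE_INTUIT = """\
From: Intuit Payment Network <notify@mailer.example>
Subject: We have received your payroll processing request.

Funds will be withdrawn from the bank account number ending in: XXXX
Amount to be withdrawn: $6,976.46
Please download your payroll here.
Sincerely, Intuit Payroll Services
"""
SAMPLE_LINKEDIN = """\
From: LinkedIn Communication <notify@mailer.example>
Subject: Your payroll processing confirmation.

Pacific Time.Funds will bewithdrawn from thebank account number ending in:
Amount to be withdrawn: $7,776.91
Please
download your payroll here.
Thank you for yourbusiness.Sincerely, Intuit
Payroll Services
"""

def brands_in(text):
    return {b for b in BRAND_DOMAINS if b in text.lower()}

def triage(raw):
    """Return a list of findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    domain = addr.rpartition("@")[2].lower()
    findings = sorted(n for n, rx in LURES.items() if rx.search(body))
    claimed = brands_in(display)
    # Sender name claims one brand while the body speaks for another.
    if claimed and brands_in(body) and not claimed & brands_in(body):
        findings.append("brand_mismatch")
    # Display name uses a brand but the address is outside its domain.
    if any(not ("." + domain).endswith("." + BRAND_DOMAINS[b]) for b in claimed):
        findings.append("display_name_spoof")
    return findings
```
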




References
Fake email about payroll processing by Intuit
Intuit.com Malware Emails