Last updated: July 23, 2012
First published: July 23, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
From: Intuit Payment Network
Subject: We have received your payroll processing request.
Direct Deposit Service Communication
Dear [email address removed]
We obtained your payroll on July 16, 2012 at 1:25 AM Pacific Time.
Funds will be withdrawn from the bank account number ending in: XXXX on July 17, 2012.
Amount to be withdrawn: $6,976.46
Paychecks will be transferred to your employees' accounts on: July 17, 2012
Please download your payroll here.
Funds are as a rule withdrawn before normal banking hours so please make sure you have enough funds available by 12 a.m. on the date funds are to be withdrawn.
Intuit must obtain your payroll by 5 p.m. Pacific time, two banking days before your paycheck date or your employees will fail to be paid on time. QuickBooks does not process payrolls on weekends or federal banking holidays. A list of federal banking holidays can be accessed at the Federal Reserve website.
Thank you for your business.
Intuit Payroll Services
From: LinkedIn Communication
Subject: Your payroll processing confirmation.
We received your payroll on July 16, 2012at 5:17AM
Pacific Time.Funds will bewithdrawn from thebank account number ending in:
XXXX on July 17, 2012.
Amount to be withdrawn: $7,776.91
Paychecks will be transferred to your employees' accounts on: July 17, 2012 Please
download your payroll here.
Funds are typically processed before normal banking
hours so please make sure youhave sufficient funds available by 12 a.m. on
the date fundsare to be withdrawn.
Intuit must obtain your payroll by 5p.m.Pacific time, two banking days before your paycheck date or your employees
will not be paidon time. QuickBooks does not process payrolls on weekends or
federal banking holidays. A list of federal banking holidays can be downloaded
at the Federal Reserve website.
Thank you for yourbusiness.Sincerely, Intuit
Bogus emails purporting to be from well-known financial software provider Intuit have been hitting inboxes around the world. The supposed "payroll processing" notifications claim that a large sum of money is set to be withdrawn from the recipient's bank account to cover worker paychecks. The recipient is invited to click a link to download details about the payroll withdrawal.
Of course, the emails are not from Intuit. In fact, the emails are designed to trick recipients into downloading malware to their computers. The criminals responsible for the scam hope that recipients, panicked into believing that several thousand dollars is set to be withdrawn from their bank accounts, will click the link in the message without due forethought. Clicking links in the messages, will actually take victims to a compromised website that harbours malware. The victim is taken to a site that supposedly contains more information about the payroll withdrawal and then asked to wait until the page fully loads. However, the page then automatically redirects to other sites where trojans and other types of malware may be downloaded to the visitor's computer.
Once installed, this malware can change computer settings, steal sensitive information stored on the computer and connect to remote servers.
Intuit has posted a warning about the fake payroll processing emails on its website. Confusingly, while some versions of the scam messages claim to be from Intuit, others purport to be from business social network LinkedIn. The malware emails are similar to another recent attack in which bogus messages claimed to be Intuit order notifications. These messages also contain links that pointed to information stealing malware websites.
If you receive one of these bogus Intuit emails, do not follow any links or open any attachments that they may contain.