Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Intuit.com Malware Emails

Outline
Messages purporting to be from financial software provider Intuit claim to contain information about a recent order and urge recipient to click a link to download a full invoice.



Brief Analysis
The messages are not from Intuit. Links in the bogus messages open websites that contain malware.

Bookmark and Share
Detailed analysis and references below example.





Last updated: 14th March 2012
First published: 14th March 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: Your Intuit.com invoice.

Dear Sir/Madam:

Thank you for submitting an order with Intuit Market. We have received it and will send you an e-mail when your order ships. If you ordered multiple items, we may send them in more than one shipment (at no extra cost to you) to ensure quicker delivery.

If you have questions about your order, please call

ORDER INFORMATION
Please download your complete order
id #306261162092 information at Intuit small business website.

NEED HELP? Email us at [removed].
Call us at [removed].
Reorder Intuit Checks Quickly and Easily starting with the information from your previous order.

To help us better serve your needs, please take a few minutes to let us know how we are doing.

Submit your feedback here.

Thanks again for your order,
Intuit Market Customer Service


Intuit Malware Email



Detailed Analysis
A series of fake emails that falsely claim to be from financial software provider Intuit have been distributed to people all over the world in recent weeks. The emails, which supposedly contain information about a recent Intuit.com order, invite recipients to click a link to download full details about the transaction. Subject lines and details about the supposed order vary in different incarnations of the message. To further the illusion of legitimacy, the fake emails come complete with the Intuit logo and colour scheme.

Links in the messages open compromised websites that harbour various exploits. Those who fall for the ruse and follow the links may inadvertently download and install malware on their computers. When a user clicks a link, he or she will receive a message in their browser window asking them to wait while the page loads. However, rather than loading an Intuit invoice as expected, the page actually loads the malicious payload.

Intuit has published a warning about the emails on its website which states:
Fake Email: Intuit order confirmations

People are receiving an email entitled "Your Intuit.com order confirmation." There are a number of variations to the fake email, including, but not limited to the following subject lines: "Your QuickBooks software order," "Your Intuit.com order," "Your Intuit.com order status," "Your Intuit.com order confirmation," "Your Intuit.com invoice," "Please confirm your Intuit.com invoice."
If you receive one of the fake emails, do not click on any links or open any attachments that it may contain.

Bookmark and Share References
Intuit spam loads malware
Your Intuit.com order confirmation / curcharge.com
Fake Email: Intuit order confirmations

Last updated: 14th March 2012
First published: 14th March 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer