IRS and QuickBooks Email Scam

We received an email Monday that looked like it was from Intuit, and was about making sure that our QuickBooks account had the correct FEID (Federal Tax ID) number.  Clicking on the link would have downloaded a Backdoor Trojan Horse program from a Turkish web server. 

We recommend that you DO NOT CLICK ON  THE LINK.  If fact, any time you get an email from a service provider with a link, just skip the link and type the web address directly into the address box on your favorite web browser (IE, Firefox, Chrome).  I have seen so many of these bogus but realistic looking emails that I never trust the link in an email without checking it out first, or just logging into my account directly.

The true destination address of links in emails can be revealed by RIGHT CLICKING on the link and selecting Properties from the context menu.  Make sure the address matching what you expect, and when in doubt just good to the web site without clicking on the link.

For more information on this, check out the article on Sophos web site.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.