A friend received a spam email from quickbooks@notification.intuit.com

Intuit is a real company, and intuit.com is their real domain. Looking online, a number of people received this scam email a few months ago, and then again over the last week.

If you came across this post from Google, this is why it reeks of a scam email:

  • 12 of other email addresses are listed in the to and cc fields
  • it says that a subscription is set to renew, “$399.99 will soon be taken out of your account” and that it will happen within the “next 24 hours”. Classic sense of urgency
  • It includes an 888 phone number that does not come up as any legitimate number, and it includes a PDF which my friend did not download in case it is malicious

Does this mean that Intuit lost control of that subdomain, or is there another way that someone might be spoofing it? I can have my friend check any other metadata if it would be helpful.


If you came here from Google, welcome to the Fediverse :)

You are viewing a single thread.
View all comments
5 points
*

Very similar to if you were to send a traditional paper letter in an envelope with a stamp, and put an incorrect return address on it. You could even make it look exactly like something the real company would have sent. There is no validation of the return address. If the recipient were to respond to the return address, it would expose the ruse. The scam is that the contents of the letter have further instructions that lead to the scam.

Another complication is that the From address in internet email contains an address part and a description part. The address part is what is actually used to route the email, and the description part can be anything, including something that looks like an email address that doesn’t match the one in the address part. Most email clients only show the description part and hide the address part.

For example:

From: “Bob Smith” <bob@example.com>

From: “robert@somewhere.com” <bob@example.com>

From: “Do not reply” <noreply@example.com>

From: “quickbooks@notification.intuit.com” <scam@attacker.com>

Edit: formatting

permalink
report
reply

No Stupid Questions

!nostupidquestions@lemmy.ca

Create post

There is no such thing as a Stupid Question!

Don’t be embarrassed of your curiosity; everyone has questions that they may feel uncomfortable asking certain people, so this place gives you a nice area not to be judged about asking it. Everyone here is willing to help.

  • ex. How do I change oil
  • ex. How to tie shoes
  • ex. Can you cry underwater?

Reminder that the rules for lemmy.ca still apply!


Thanks for reading all of this, even if you didn’t read all of this, and your eye started somewhere else, have a watermelon slice 🍉.


Community stats

  • 388

    Monthly active users

  • 138

    Posts

  • 1.7K

    Comments