QuickBooks Phishing Email Live Walkthrough
Quick Answer
A walkthrough of a Yahoo Mail phishing email impersonating Intuit/QuickBooks. The post inspects the message format, headers, and the WHOIS for the lookalike domain (intuitpaymentint.com), then compares the cloned landing page against the real Intuit site and shows how the attackers used a compromised WordPress site to host the fake page. A second, less-sophisticated phishing message arrives during the review and gets the same header and link analysis.
Hilton and I were talking and he mentioned to me that he got a great-looking phishing email in his Yahoo account, so I decided to take a quick look at the format and believability of the message to see if it would fool the average user.
I was VERY surprised at how well this message was formatted, and as an extra bonus you’ll see that during my review a second, less sophisticated message comes in and I go through a similar process of reviewing headers and reviewing the website.
This is a real-time video of me going through the messages. For some reason the audio is a little screwed up, I don’t think my voice sounds so squeaky – but hey, who knows perhaps I really do sound like that…
Initial Phishing Message
Which Page is the Real Intuit Website?
Registering a Domain Name with the Intuit Brand
WordPress Exploited Site
Second Phishing Email that comes in while I am Reviewing the First Message
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
