10 Aug 2024 - AJ
When digging in my spam folder for inspiration - to be honest, I was going to cover pig butchering, which is a very hot scam right now - I ran across the refund scam I am covering today. This is perhaps the third most common scam I see land in staff inboxes, behind the Pegasus scam and fake Docusign emails. This is actually a scam aimed at consumers and is commonly covered on many anti-scam websites, but scammers don’t differentiate between business email addresses and non-business email addresses, so we get them as well.
There are several types of invoice scams - some aimed just at businesses, some at consumers, some at both - but this is the hot one that all the cool scammers are putting out right now (when they’re not doing Pig Butchering or blackmail type scams).
Here’s the red flags I found in the email I got, as an example:
In my case, they didn’t have the number in the body of the email. I refuse to open a random PDF that’s in my spam filter and unfortunately the public sandbox I use prevents me from checking the URL, but I wouldn’t be surprised if the phone number would have been there if I’d opened the PDF/cliked on the link. I am very cautious about clicking on links, even legit-looking ones, as there are some very legit services with unsecured URL redirects that get exploited by criminals. (I’m not saying Xero.com is one of them, I’m just cautious in general.)
Also, I did some investigating (I don’t have any involvement in accounting, so it took me a minute or two to realize Qb was supposed to be QuickBooks), and there is no “Business Essentials Plus” plan at Quickbooks - they have an “Essentials” plan and a “Plus” plan, but no “Essential Plus” plan. Also, none of their plans would come out to 499.99. (Essential comes out to $780 a year and plus is even more expensive). Also, not per seat - these plans cover x amount over users for the price given.
Anyway, I reported it as a phish to Google and to Xero so hopefully they’ll be taking care of things.