Tax season is officially in full swing and, just like in previous years, hackers and cyber criminals are using this time to steal data. With people rushing to get their information to their tax preparers and tax professionals working frantically to meet tax deadlines, this is prime time for cyber criminals to flood inboxes with phishing emails and malware in an attempt to steal data that could allow them to commit identity theft, hijack tax refunds and more.

This tax season, cyber criminals have a new trick up their sleeve: malware that exfiltrates data from a QuickBooks file and posts it on the Dark Web, typically selling the information to identity thieves. We learned about this new malware from our partners at ThreatLocker. ThreatLocker CEO Danny Jenkins shared information with us on how hackers are using phishing emails to deliver it. If a recipient opens an attachment or clicks any link in the malicious email, the malware will either execute a script to steal data from QuickBooks or use an infected Word document that will retrieve QuickBooks files. Once the files are stolen, they are uploaded to the Dark Web, where other hackers and cyber criminals can purchase them at prices ranging from $100 to thousands of dollars.

Why steal a QuickBooks file?

It’s simple. Most QuickBooks files contain sensitive information such as employee names, addresses, dates of birth and Social Security numbers – very useful information for identity thieves. QuickBooks files may also contain credit card and bank account information. Cyber criminals may also use the customer and vendor information stored in QuickBooks files to run future email phishing campaigns, including spear phishing campaigns built on social engineering. Imagine if a hacker had your entire customer list, with contact names and email addresses, along with the financial history of your invoices.


To help prevent this attack on QuickBooks files, we recommend checking the permissions on the folders where QuickBooks files are stored to be sure that the ‘Everyone’ group has not been granted permissions, and limiting access to as few people as possible, preferably a single user. Other ways to prevent this type of malware, along with any other malware, are to use an email security and spam filter to block malicious emails from reaching your inbox, along with good endpoint protection software (anti-virus) in case any bad emails slip through your email security.
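One way to carry out the permission check described above is shown below as an added example, not a script from ThreatLocker or Intuit. The `$Root` path and the extension list are assumptions to adjust for your environment, and the check goes slightly beyond 'Everyone' to include two other broad built-in groups.

```powershell
# Added example: find folders holding QuickBooks files that grant access to broad groups.
# $Root is an assumed placeholder path; point it at the folder or share you actually use.
param([string]$Root = 'D:\Accounting\QuickBooks')

# Well-known SIDs, so the check does not depend on the Windows display language.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Assumed list of QuickBooks file types (company, backup, portable, transaction log).
$Extensions = '.qbw', '.qbb', '.qbm', '.tlg'

# Collect each folder that contains at least one QuickBooks file.
$folders = Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $Extensions -contains $_.Extension.ToLower() } |
    Select-Object -ExpandProperty DirectoryName -Unique

$findings = foreach ($folder in $folders) {
    $acl = Get-Acl -LiteralPath $folder
    # Request explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Folder    = $folder
                Principal = $BroadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited   # True means the entry comes from a parent folder
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Folder, Principal | Format-Table -AutoSize -Wrap
    Write-Warning "$(@($findings).Count) broad access entries found; review and restrict them."
} else {
    Write-Output "No broad group entries on folders holding QuickBooks files under $Root."
}
```

An entry marked as inherited has to be corrected on the parent folder, or by disabling inheritance on the QuickBooks folder, rather than by editing the folder's own entries.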
