For those interested, here’s a breakdown of how I identified this email as a phish:
- The sender email was something other than @quickbooks.com. In Outlook, the actual email address shows up in between < >.
- The “To” address was not my email address, which indicates that this email was sent to two or more recipients using CC or BCC.
- The email wasn’t addressed to my Quickbooks user name or my first name. This isn’t always a guaranteed method of detection, but combined with the other points it’s a good indicator the email isn’t being directed towards me in particular.
- The “warning message” doesn’t quite make sense. At first glance it seems to be something that needs urgent attention, but reading it more thoroughly it comes across as mostly gibberish.
- The “Check Activity” button doesn’t fit the color scheme of the rest of the email. In comparison the blue on green is a bit garish.
- Hovering over the “Check Activity” button indicates that it’s trying to take me somewhere that has nothing to do with QuickBooks. This is the most important indicator that this email is dangerous.
It is always far better to delete these types of emails without clicking anything in them at all. Even if you click the link, and don’t enter information into any fields on the page it takes you to, just being on the site can be enough to compromise your computer. Always think before you click!