this post was submitted on 02 Nov 2024
24 points (100.0% liked)

No Stupid Questions

2500 readers
1 users here now

There is no such thing as a Stupid Question!

Don't be embarrassed of your curiosity; everyone has questions that they may feel uncomfortable asking certain people, so this place gives you a nice area not to be judged about asking it. Everyone here is willing to help.

Reminder that the rules for lemmy.ca still apply!

Thanks for reading all of this, even if you didn't read all of this, and your eye started somewhere else, have a watermelon slice ๐Ÿ‰.

founded 2 years ago
MODERATORS
otter
Kokomheart
24
How does someone send a phishing email using a legitimate domain? (notification.intuit.com in this case) (self.nostupidquestions)
submitted 3 months ago* (last edited 3 months ago) by otter to c/nostupidquestions
7 comments fedilink hide all child comments
 

A friend received a spam email from quickbooks@notification.intuit.com

Intuit is a real company, and intuit.com is their real domain. Looking online, a number of people received this scam email a few months ago, and then again over the last week.

If you came across this post from Google, this is why it reeks of a scam email:

  • 12 of other email addresses are listed in the to and cc fields
  • it says that a subscription is set to renew, "$399.99 will soon be taken out of your account" and that it will happen within the "next 24 hours". Classic sense of urgency
  • It includes an 888 phone number that does not come up as any legitimate number, and it includes a PDF which my friend did not download in case it is malicious

Does this mean that Intuit lost control of that subdomain, or is there another way that someone might be spoofing it? I can have my friend check any other metadata if it would be helpful.

If you came here from Google, welcome to the Fediverse :)

you are viewing a single comment's thread
view the rest of the comments
[โ€“] hddsx 9 points 3 months ago (1 children)

Even if you do have DKIM, DMARC, and SPF someone can still spoof your domain and the admin will still get an email about it. After that, instructions are unclear since the receiving domain is rejecting it properly.

Ask me how I know

[โ€“] hendrik@palaver.p3x.de 2 points 3 months ago

Yeah, it has to be both sides cooperating. You can set a recommendation what to do with mails that failed the checks. Including dropping the mail altogether. But it's open to the receiver to honor that request, or not do any checks at all.