Cybercriminals are Changing QuickBooks Payments Merchant Account Details and Sending Your Accounts Receivable Overseas

Cybercriminals are Changing QuickBooks Payments Merchant Account Details and Sending Your Accounts Receivable Overseas

July 07, 2023 / in Blog / by Zafar Khan, RPost CEO

Summer is all about baseball, but it’s also about cybercriminal lures targeting lawyers, insurance professionals, and any business that accepts credit cards.

With July 4th in the rear-view mirror, we’re now in peak summer season, which means baseball season. (I happen to love baseball and equate it with long summer nights, hot dogs, sprinklers, and days off from school.)

If you’re not that familiar with baseball, there’s this thing called a triple play where the defense gets 3 outs on a single batted ball in play. Trust me, it’s a very rare and special event. We’ve put together our own triple play of three free mission critical cybersecurity webinars in July -- and for the Florida Bar member readers, these provide free full CLE credits! (Details below.) 

Yes, summer is all about baseball, but it’s also unfortunately about cybercriminal lures targeting lawyers, insurance professionals, money managers, accounts receivable staff, and many others, which disrupt normal business money flows. 

Here’s the latest cybercriminal scheme that has impacted folks we know. We’ll call it The QuickBooks Cash Crevasse

How does it work? Despite all your multi-factor login and security settings, when cybercriminals are eavesdropping on your staff’s email inbox (in particular, your in-house or outsourced bookkeepers, accountants, tax preparers, accounts receivable staff, or others who may have access to setting up your merchant payment processor account), they can stealthily work through the process of email verification. They can update access to your merchant payment processor account (at QuickBooks Payments for example or your local bank or specialized payment processor). 

Once in the account, they can change notifications to come ONLY to them. Then they will change the payment clearinghouse bank account (i.e., your bank) details swapping them for an offshore bank account owned by cybercriminals. This is happening and is costing many companies critical cash flows!

What happens next? Your clients pay you by ACH or credit card as normal (the payments are collected by your merchant processor), and your merchant processor sends funds to who they think is you in the normal manner. Three days after customers make payments, you are expecting the funds. However, the IMPOSTOR BANK ACCOUNT is now the payment receiver in the QuickBooks Payments system.

Funds are, thus, collected by QuickBooks Payments and sent to the cybercriminal, and you or your accounts receivable team will have no idea that this is happening until a week or so after the fact. For larger organizations, they may typically find out several weeks after. 

The longer the fraudulent transfer is hidden, the less likely transferred funds are retrievable. The FBI reports that 72 hours after a payment is lured and sent internationally (especially to the parts of the world where these payments are going), it is nearly impossible to retrieve. It’s like the funds are sent by your payment processor, like QuickBooks Payments, into a vast cash crevasse. (Hence the nickname for this scheme: QuickBooks Cash Crevasse.)

Falling victim to cybercrime can be truly disastrous, and no corny sports metaphor here can sum up how serious a matter this can be. That’s why we think you and your staff should attend any (or better, all) of these sessions that are free and open to everyone. 

AND remember, if you are a Florida lawyer, you’re in luck – you can attend and check off a slew of free Florida Bar CLE credits. Here’s the line-up:

  • July 12: Learn about the latest cybercriminal lures targeting small and mid-sized firms (course 6155 – register here). 
  • July 19: The power of proof. How to send the functional equivalent of certified mail by email (course 5882 – register here). 
  • July 26: Don’t fall prey to closing funds or invoices supposed to be paid to you, routing to Russian cybercriminals (course 6573 – register here).

More? Yes, if you are swinging for the fences and want the home run, here is a session to help you round the bases:

  • August 2: Tech Essentials for the modern professional, what is easy to implement that will save you time, money and risk (course 5685 – register here).

These sessions are brought to you by The Florida Bar’s Legal Fuel practice management center and RPost – and, again, are free and available to everyone being targeted by cybercriminal lures. And that’s everyone!
Florida Bar member lawyers receive 1 free general, technology, or ethics credit with the Florida Bar for EACH session. Feel free to contact us to learn more about these free Florida Bar full CLE credit webinars or RMail in general.