Tag Archives: Virginia

Don't click on phony QuickBooks email alert

Courtesy of the West Virginia Better Business Bureau

A clever new phishing scam is fooling small businesses. The message looks like an email alert from accounting software QuickBooks, but it’s really a phishing con.

How the scam works

You receive an email with the subject line “QuickBooks Support: Change Request.” The message is “confirming” that you changed your business name with Intuit, QuickBook’s manufacturer. However, you never made such a request. It must be a mistake, but fortunately the email contains a link to cancel.

Pause before you click! Scammers know that you didn’t make this request, and the link to cancel is simply bait. It downloads malware to your device, which scammers use to capture passwords or hunt for sensitive information on your machine. This can open you up to identity theft.

How to spot a phishing scam

>> Be wary of unexpected emails. Never click on links or attachments in emails you were not expecting without checking them out thoroughly first.

>> Check the reply email address. One easy way to spot an email scam is to look at the reply email. The address should be on a company domain, such as (jsmith@company.com).

>> Check the destination of links. Hover over links to see where they lead. Be sure the link points to the correct domain (www.companyname.com) not a variation, such as companyname.othersite.com or almostcompanyname.com. Scammers can get creative, so look closely.

>> Consider how the organization normally contacts you. If an organization normally reaches you by mail, be suspicious if you suddenly start receiving emails or text messages without having opted in to the new communications.

>> Be cautious of generic emails. Scammers try to cast a wide net by including little or no specific information in their fake emails. Be especially wary of messages you have not subscribed to or companies you have never done business with in the past.

>> Don’t believe what you see. Just because an email looks real, doesn’t mean it is. Scammers can fake anything from a company logo to the “Sent” email address.

For more scam information

Visit bbb.org/canton to look up a business, file a complaint, write a customer review, report a scam with Scam Tracker, read tips, follow us on social media and more. The Canton Regional and Greater West Virginia Better Business Bureau offers tips and advice for consumers to avoid fraudulent practices.

Phishing attack exposes 1400 W-2s at UVA

Share this article:
The University of Virginia was informed by the FBI that a phishing attack was used to access to university’s HR system and steal personal information of 1,400 employees.

A phishing attack was used to access to University of Virginia’s (UVA’s) HR system, and personal information of 1,400 employees, the Federal Bureau of Investigation (FBI) told the Charlottesville, Va.-based school.

The W-2 tax statements of 1,400 employees and direct deposit banking information of 40 employees were stolen, according to an FAQ statement posted on the university website. The FBI said suspects are now in custody, according to the university.

The attackers gained access to the HR system of the university through an email phishing attack that asked employees to click on a link and enter their employee user name and passwords. This gave the attackers access to the HR system beginning in November 2014, and the date that the attackers are suspected to have last accessed the system was February 2015.

In June, the university’s system was attacked by a group in China. At the time, the university said banking information, health data, and Social Security numbers were secure. UVA said the phishing attack was not related to the June attack. The FBI and school authorities were not available for comment by press time.



Data breach jeopardizes personal information of 1400 at the University of Virginia


The University of Virginia has confirmed that personal information of more than 1,400 employees was jeopardized by a “phishing” email scam.

The Daily Progress reports (http://bit.ly/1OM5BAR ) that the FBI recently notified the university of the exposure after an extensive investigation. The FBI said suspects are in custody.

U.Va. said it has notified the affected employees and is offering them one year of free credit monitoring and identity protection services.

The scam targeted several U.S. colleges and universities. Emails were sent asking recipients to click on a link and provide network access system usernames and passwords. The perpetrators gained access to a component of a human-resources system and accessed W-2s for about 1,400 employees and direct deposit banking information of 40 employees. The university has more than 20,000 employees.