Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts


November 28, 2023


If you’re wondering about the latest email phishing trends now that the Black Friday shopping frenzy is over, we’ve got you covered.

Internet crooks never take a break, continuously targeting consumers with an assortment of unsolicited email messages (spam) designed to trick users into handing over sensitive information such as login credentials and financial data or downloading malware onto their devices.

Awareness is a key component in avoiding insidious internet threats and other malicious methods cybercriminals use to fool unsuspecting victims.

This week, Bitdefender Antispam Lab researchers are warning about opportunistic fraudsters targeting financial accounts and users of the popular accounting platform QuickBooks.

Financial-themed phishing emails

According to Bitdefender Antispam telemetry, cybercrooks have deployed several phishing campaigns impersonating popular banks and financial institutions, including Standard Bank, Santander Bank and American Express to steal customers’ login credentials.

The phony correspondence impersonating Standard Bank mostly targets users in South Africa. The scammers tell recipients they have a pending payment that needs their immediate approval or attention.

A major red flag to watch for is the ‘.html’ attachment which, according to the official Standard Bank website, is a clear sign of a scam. The financial institution never sends .htm or .html attachments directing customers to login pages for their online banking platform.
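For mail administrators who want to apply that red flag automatically, the check below is an added example (not Bitdefender's or Standard Bank's code). It parses a raw message and lists attachments that are HTML by file extension or by declared MIME type; the sample message, addresses and filename are constructed for illustration.

```python
import email
from email import policy

HTML_EXTENSIONS = (".htm", ".html")

# Constructed sample message (not a real phishing email).
SAMPLE = b"""\
From: "Bank Notifications" <alerts@example.invalid>
To: user@example.invalid
Subject: Pending payment requires your approval
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please open the attached form to approve the payment.
--b1
Content-Type: application/octet-stream; name="Payment_Advice.HTML"
Content-Disposition: attachment; filename="Payment_Advice.HTML"
Content-Transfer-Encoding: base64

PGh0bWw+PC9odG1sPg==
--b1--
"""

def html_attachments(raw: bytes) -> list[str]:
    """Return filenames of attachments that are HTML by extension or MIME type."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flagged = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        disposition = part.get_content_disposition()
        if name is None and disposition != "attachment":
            continue  # ordinary body part, e.g. the HTML version of the text
        # Compare case-insensitively: ".HTML" and ".Htm" open in a browser too.
        by_name = (name or "").strip().lower().endswith(HTML_EXTENSIONS)
        # A generic or missing filename can still carry a text/html payload.
        by_type = part.get_content_type() == "text/html"
        if by_name or by_type:
            flagged.append(name or "(unnamed)")
    return flagged

if __name__ == "__main__":
    print(html_attachments(SAMPLE))
```

A message whose only HTML is its normal body is not flagged; only parts carrying a filename or an attachment disposition are inspected.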

Brazilians are being targeted with bogus emails mimicking official Santander Bank correspondence. In the sample below, recipients are warned that their Santander reward points are about to expire and urged to follow a redemption link.

“Dear customer,

You have 160,000 expiring points on your Santander debit and credit card.

Avoid the expiration of your points by redeeming them now by clicking on the link or button below:


Attention: Your points will be canceled within 48 hours if you do not redeem them.”

Of course, people who receive such correspondence should be aware that they can redeem credit card rewards anytime and that reward points don’t expire for “accounts in good standing.”

Cybercriminals are also out to steal the login credentials of American Express customers in the US. Fraudsters behind this campaign tell recipients their credit card has been locked due to “unusual excess purchase you made recently” and that they need to go through a verification process to unlock it.

How to stay safe against financial phishing emails:

  • Do not click on links and attachments in unsolicited emails
  • Do not log in to your online banking via unsolicited links to address any security issues on your accounts or payment cards
  • Never give sensitive information, credit card numbers, Social Security numbers or IDs
  • Report and delete any correspondence you receive from unfamiliar domains or emails
  • Log in to your e-banking account from your browser or app to check for any notifications
  • When unsure whether an email is legitimate, research it online or contact your bank immediately

Phishers want access to your QuickBooks account

A new QuickBooks phishing campaign is also making the rounds this week in the US. The subject line of the fake email tells the recipient they have received an encrypted message.

QuickBooks users are advised to always check the validity of an Intuit email before submitting any information. To avoid scams, use your browser to sign in to your Intuit Account and head to the Account Activity section where you can view a list of events relating to your account.

“If you find an event with an email icon matching the content, date, and time of the email you’re not sure about, you’ll know the email is from Intuit,” the company says. “You may also see a reference code you can match to the email.” Otherwise, you should report and delete the email.

Intuit also emphasized that it will never ask customers for sign-in or password information, bank or credit card information, or confidential information about their employees, nor will it send a software update or download as an attachment.


Opt for one of our all-in-one security solutions to protect all your devices from malicious and fraudulent activity no matter if you are busy shopping or checking your bank account.

With Bitdefender's all-in-one plans, you get award-winning antimalware protection and benefit from advanced anti-fraud and anti-phishing filtering systems that warn you whenever you visit a website that may try to defraud you. Paired with our state-of-the-art Password Manager to help you store your sensitive data passwords, a powerful Premium VPN or Digital Identity Protection, you can rest assured that your online privacy and identity are safe against snoops and identity thieves.




Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
