
Tuesday 9 April 2013

Intuit spam / juhajuhaa.ru

This fake Intuit spam leads to malware on juhajuhaa.ru:

Date:      Tue, 9 Apr 2013 11:21:18 -0430 [11:51:18 EDT]
From:      Tagged [Tagged@taggedmail.com]
Subject:      Payroll Account Holded by Intuit

Direct Deposit Service Informer
Communicatory Only

We cancelled your payroll on Tue, 9 Apr 2013 11:21:18 -0430.

    Finances would be gone away from below account # ending in 6780 on Tue, 9 Apr 2013 11:21:18 -0430
    amount to be seceded: 4053 USD
    Paychecks would be procrastinated to your personnel accounts on: Tue, 9 Apr 2013 11:21:18 -0430
    Log In to Review Operation


Funds are typically left before working banking hours so please make sure you have enough Finances accessible by 12 a.m. on the date Cash are to be seceded.

Intuit must reject your payroll by 4 p.m. Central time, two banking days before your paycheck date or your state would not be paid on time.
QuickBooks does not process payrolls on weekends or federal banking holidays. A list of federal banking holidays can be viewed at the Federal Reserve website.

Thank you for your business.

Regards,
Intuit Payroll Services 

The link in the email goes through a legitimate but hacked site to a malware landing page at [donotclick]juhajuhaa.ru:8080/forum/links/column.php (report here) hosted on some familiar-looking IP addresses that we saw earlier:
91.191.170.26 (Netdirekt, Turkey)
93.187.200.250 (Netdirekt, Turkey)
208.94.108.238 (Fibrenoire, Canada)
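
Detection logic for the infrastructure described above, as an added example that is not part of the original post: it refangs the landing-page indicator and flags proxy log lines that touch the landing domain or the three hosting IPs. The log format, the sample lines and the `landing-url-shape` heuristic are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Indicators copied from the post; the URL stays defanged in source.
DEFANGED_LANDING = "[donotclick]juhajuhaa.ru:8080/forum/links/column.php"
HOSTING_IPS = {"91.191.170.26", "93.187.200.250", "208.94.108.238"}

def refang(indicator):
    """Drop the blog's [donotclick] marker; return (host, port, path)."""
    parts = urlsplit("http://" + indicator.replace("[donotclick]", ""))
    return parts.hostname, parts.port, parts.path

LANDING_HOST, LANDING_PORT, LANDING_PATH = refang(DEFANGED_LANDING)

def classify(line):
    """Reasons a "<time> <client> <method> <url> <dest_ip>" line matches."""
    fields = line.split()
    if len(fields) != 5:
        return ["unparsed"]  # surface malformed lines, do not drop them
    url, dest_ip = fields[3], fields[4]
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # tolerate trailing dot
        port = parts.port  # raises ValueError on an out-of-range port
    except ValueError:
        return ["unparsed"]
    reasons = []
    if host == LANDING_HOST or host.endswith("." + LANDING_HOST):
        reasons.append("landing-domain")
    if dest_ip in HOSTING_IPS or host in HOSTING_IPS:
        reasons.append("hosting-ip")
    # Assumption: other domains on these IPs reuse the same port and path.
    if port == LANDING_PORT and parts.path == LANDING_PATH:
        reasons.append("landing-url-shape")
    return reasons

def scan(log_text):
    """Map 1-based line number -> reasons, for every flagged line."""
    hits = {n: classify(l) for n, l in enumerate(log_text.splitlines(), 1)}
    return {n: r for n, r in hits.items() if r}

# Constructed sample proxy log (not real traffic).
SAMPLE_LOG = "\n".join([
    f"t1 10.0.0.21 GET http://{LANDING_HOST}:8080{LANDING_PATH} 91.191.170.26",
    f"t2 10.0.0.34 GET http://{LANDING_HOST.upper()}.:8080{LANDING_PATH} 203.0.113.9",
    "t3 10.0.0.40 GET http://example.org/index.html 198.51.100.7",
    f"t4 10.0.0.21 GET http://example.net:8080{LANDING_PATH} 93.187.200.250",
    "t5 truncated-line",
])
if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```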

Blocklist:
