Confirmed scam — delete it
This email uses a fake QuickBooks dispute notification to trick you into clicking a malicious link.
MalwareTips analyst · message material
invoice_scamThis email uses a fake QuickBooks dispute notification to trick you into clicking a malicious link.
- The Reply-To address points to a random personal domain instead of an official Intuit or QuickBooks support address.
- The message uses high-pressure tactics regarding a large financial dispute and restricted funds to provoke an immediate reaction.
- The sender display name is formatted incorrectly and the infrastructure lacks standard authentication results like SPF or DKIM.
- The footer contains a Gmail address and a mobile phone number which are inconsistent with professional corporate support communications.
Do not click any links or buttons in this email. Forward the message to security@intuit.com and then delete it from your inbox.
Every scoring adjustment, in dominance order. Shows exactly how we got from 100 to the final trust number.
Why this verdict
100 → 0The scorer starts every address at 100 trust and applies each signal below in turn. Negative deltas are penalties (red), positive deltas are bonuses (emerald). Final clamped trust: 0.
- The pasted address doesn't parse as a valid RFC-5322 email address.syntax_invalid-100
Paste the sender to unlock identity + infrastructure analysis
This scan analysed the message body only. Adding the sender address, a Gmail Name <a@b.com> line, or full headers unlocks:
- Display-name impersonationSpot mismatched names like "PayPal Support" on a random Gmail.
- SPF · DKIM · DMARCSee whether the sending server is authorised to use that domain.
- Domain age + registrarBrand-new domains are one of the strongest phish signals.
- Breach exposureHow many known data breaches this specific address appears in.
- MX + DNSBL reputationWhether the domain can even receive mail and if it's on any blocklists.
Your previous paste won't be sent — you'll start a fresh scan with both fields.