Tax software vendor Intuit has warned that QuickBooks customers are being targeted in ongoing phishing attacks impersonating the company. The phishing attacks are attempting to lure users with fake account suspension warnings. Today’s alert from Intuit comes after multiple users reported receiving phishing emails notifying them that their QuickBooks accounts were suspended following a failed business information review.
The attackers are impersonating the QuickBooks support team with messages along the line of, “We’re writing to let you know that after conducting a review of your business, we have been unable to verify some information on your account. For that reason, we have put a temporary hold on your account. If you believe we’ve made a mistake, we’d like to remedy the situation as quickly as possible. To help us effectively revisit your account, please complete the below verification form. Once verification has been completed, we will re-review your account within 24-48 hours.”
Clicking the “Complete Verification” button in the phishing email will redirect the recipients to a site designed by the phishing company to capture your personal information or place malware into your computer system.
Intuit stated that they would never send an email with a “software update”, or “download attachment”, ask a recipient to send sign-in, details regarding their passwords, ask for bank or credit card details, or ask users for confidential information about employees in an email. Intuit added that the sender is not associated as an authorized agent of the accounting software maker. Any email from Intuit must come from an Intuit.com or e.Intuit.com address.
How to ensure you’re not phished
If you received one of the phishing messages, do not click any embedded links or open attachments. Instead, deleting them from your inbox is recommended to avoid getting your system infected with malware or sent to a phishing landing page under the attacker’s control.
What should you do if you have already opened the attachments or clicked links after receiving one of the phishing emails?
- Delete any downloaded files immediately
- Scan your system using an up-to-date anti-malware solution
- Change your passwords
Intuit has also provided detailed information on how to protect yourself from phishing attempts on its support website.
If you have any concerns or questions regarding phishing attacks, our team of professionals at Suttle & Stalnaker can help!