Tax software vendor Intuit has warned that QuickBooks customers are being targeted in an ongoing series of phishing attacks impersonating the company and trying to lure them with fake account suspension warnings. Today’s alert comes after Intuit received multiple user reports who received these phishing emails stating that their QuickBooks accounts were suspended following a failed business info review. “We’re writing to let you know that after conducting a review of your business, we have been unable to verify some information on your account. For that reason, we have put a temporary hold on your account,” the attackers say in the phishing messages while impersonating the QuickBooks support team. “If you believe that we’ve made a mistake, we’d like to remedy the situation as quickly as possible. To help us effectively revisit your account please complete the below verification form. Once verification has been completed, we will re-review your account within 24-48 hours.” Clicking the “Complete Verification” button in the phishing email will likely redirect the recipients to a landing phishing site designed to harvest their personal information or infect their systems with malware. The accounting software maker also added that the sender “is not associated with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit’s brands authorized by Intuit.”
Intuit advises customers who received one of these phishing messages not to click any embedded links or open attachments. They also recommend deleting them from the inbox to avoid getting infected with malware or sent to a phishing landing page under the attacker’s control that would attempt to harvest the targets’ credentials. QuickBooks users who have already opened attachments or clicked links after receiving one of these phishing emails should:
• Delete any downloaded files immediately.
• Scan their systems using an up-to-date anti-malware solution.
• Change their passwords.
Intuit also provides detailed information on how customers can protect themselves from phishing attempts on its support website.