Intuit issues phishing warnings to QuickBooks users
QuickBooks owner Intuit has warned users that they risk being targeted by an ongoing series of fake emails designed to trick customers into thinking their account has been suspended and allow cybercriminals to steal critical financial information.
Typically, QuickBooks customers will receive an email purportedly from the vendor’s support team (but actually from cybercriminals) notifying them that their accounts have been suspended following a failed business information review.
One example shared by parent company Intuit states: "We're writing to let you know that after conducting a review of your business, we have been unable to verify some information on your account. For that reason, we have put a temporary hold on your account."
While the screenshot of another scam email displayed above is relatively convincing in terms of its branding and avoids many of the spelling and grammatical errors that marked out such attacks in the past, warning lights should flash because the correspondence comes from an outlook.com email address rather than a legitimate QuickBooks address.
Intuit has issued guidance for users, stating that the company never:
- Sends an email with a supposed "software update" or "software download" attachment.
- Sends an email asking the recipient to send sign-in or password details.
- Asks for bank or credit card details in an email message.
- Asks business users for confidential information about employees in an email.
It has also provided tips on how to identify suspicious activity, phishing scams, and potential fraud, which state that company emails will always come from an email address that ends with @intuit.com (also including @e.intuit.com). Any link sent to customers will also always be for an intuit.com address.
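The sender and link rules in this guidance can be applied as a mail-triage check. The following Python is an added example, not code from Intuit or from this article; it assumes "an intuit.com address" covers intuit.com and its subdomains, and the sample message and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Sender domains from Intuit's guidance as quoted in the article.
ALLOWED_SENDER_DOMAINS = {"intuit.com", "e.intuit.com"}
# Assumption: "an intuit.com address" means intuit.com or a subdomain of it.
LINK_BASE_DOMAIN = "intuit.com"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message (example.net is a reserved documentation domain).
SAMPLE = """From: "QuickBooks Support" <qb-review@outlook.com>
Subject: Account on hold

Verify here: https://intuit.com.account-review.example.net/login
Help pages: https://quickbooks.intuit.com/learn-support/
"""

def sender_ok(from_header):
    """Check the address domain exactly; the display name is ignored."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return domain in ALLOWED_SENDER_DOMAINS

def link_ok(url):
    """Match on a label boundary so intuit.com.example.net is rejected."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == LINK_BASE_DOMAIN or host.endswith("." + LINK_BASE_DOMAIN)

def triage(raw_email):
    """Return findings for one message; an empty list means both rules hold."""
    msg = message_from_string(raw_email)
    findings = []
    if not sender_ok(msg.get("From", "")):
        findings.append("sender not @intuit.com/@e.intuit.com: " + msg.get("From", ""))
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = part.get_payload(decode=True).decode("utf-8", "replace")
        for url in URL_RE.findall(text):
            if not link_ok(url):
                findings.append("link outside intuit.com: " + url)
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

The From header is set by the sender, so passing this check means a message is consistent with the guidance, not that its origin is authenticated.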
The scam appears to cut across both the vendor's cloud and desktop products. In a worrying development pointing to the increasing sophistication of such scams, Intuit also stated that hackers appear to now be able to link emails to existing email chains, boosting the perceived authenticity of such communications.
The company recommends that users delete emails flagged as phishing attacks. If customers have already clicked on a link or downloaded something from the email, it states they should delete the download immediately, scan their system using an up-to-date anti-virus program and change their passwords.
It is likely that QuickBooks’ software has become a target for cybercriminals due to the size of its userbase - a reported 4.5 million - and its usage among small and medium-sized businesses that are typically not able to keep an IT team on the books.