The recent scam appears to cut across Intuit’s cloud and desktop products. In a worrying development pointing to the increasing sophistication of such scams, Intuit also stated that hackers appear to now be able to link emails to existing email chains, boosting the perceived authenticity of such communications.
QuickBooks owner Intuit recently warned users that they risk being targeted by an ongoing series of fake emails designed to trick customers into thinking their account has been suspended and allow cybercriminals to steal critical financial information.
Typically, QuickBooks customers will receive an email purporting to be from the vendor’s support team but actually from cyber criminals, notifying them that their accounts have been suspended following a failed business information review.
One example shared by parent company Intuit states: “We’re writing to let you know that after conducting a review of your business, we have been unable to verify some information on your account. For that reason, we have put a temporary hold on your account.”
While the screenshot of another phishing email above is relatively convincing in terms of branding and avoids many of the spelling and grammar mistakes that have marked such attacks in the past, warning lights should be flashing because the email is coming from Outlook .com email address, not a valid QuickBooks address.
As such, Intuit has issued the following advisory to users, which states that the company never:
- Sends an email with a supposed “software update” or “software download” attachment.
- Sends an email asking for a login or password
- Requests bank or credit card details in an email message.
- Requests sensitive employee information from business users via e-mail.
It also provides advice on how to identify suspicious activity, phishing and potential fraud, stating that company emails will always come from an email address ending in @intuit.com (also includes @e.intuit.com) . Any link sent by the customer will also always be to intuit.com.
The company advises users to delete emails flagged as phishing attacks. If customers have already clicked on a link or downloaded anything from the email, it says they should immediately delete the download, scan their system with the latest antivirus program and change their passwords.
This year alone, Intuit has issued six warnings on its security notices page about various phishing scams designed to trick users into revealing personal information or subject them to downloading malware that will infect their computers.
It’s likely that QuickBooks software has become a target for cybercriminals because of the size of its user base — 4.5 million — and its use by small and medium-sized businesses that typically can’t afford to maintain an IT team.