The recent scam appears to cut across Intuit’s cloud and desktop
products. In a worrying development pointing to the increasing
sophistication of such scams, Intuit also stated that hackers appear
to now be able to link emails to existing email chains, boosting the
perceived authenticity of such communications.
QuickBooks owner Intuit recently warned users that they risk being
targeted by an ongoing series of fake emails designed to trick
customers into thinking their account has been suspended and allow
cybercriminals to steal critical financial information.
Typically, QuickBooks customers will receive an email purporting to be
from the vendor’s support team but actually from cybercriminals,
notifying them that their accounts have been suspended following a
failed business information review.
One example shared by parent company Intuit states: “We’re writing to
let you know that after conducting a review of your business, we have
been unable to verify some information on your account. For that
reason, we have put a temporary hold on your account.”
While the screenshot of another phishing email above is relatively
convincing in terms of branding and avoids many of the spelling and
grammar mistakes that have marked such attacks in the past, warning
lights should be flashing because the email is coming from an
Outlook.com email address, not a valid QuickBooks address.
As such, Intuit has issued the following advisory to users, which
states that the company never:
Sends an email with a supposed “software update” or “software
Sends an email asking for a login or password
Requests bank or credit card details in an email message.
Requests sensitive employee information from business users via e-mail.
It also provides advice on how to identify suspicious activity,
phishing and potential fraud, stating that company emails will always
come from an email address ending in @intuit.com (also includes
@e.intuit.com). Any link sent by the customer will also always be to
The company advises users to delete emails flagged as phishing
attacks. If customers have already clicked on a link or downloaded
anything from the email, it says they should immediately delete the
download, scan their system with the latest antivirus program and
change their passwords.
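The sender-address rule from the advisory can be applied mechanically to a message's From header. The following is an added example, not code from Intuit or from the original article; the brand-word list, verdict names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Sender domains the advisory names as legitimate.
ALLOWED_DOMAINS = {"intuit.com", "e.intuit.com"}
# Assumption: words that mark a message as claiming to come from the vendor.
BRAND_WORDS = ("intuit", "quickbooks")


def parse_sender(raw_message):
    """Return (display_name, domain) from the From header, lower-cased."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    _, at, domain = addr.rpartition("@")
    return display.lower(), (domain.lower().rstrip(".") if at else "")


def classify(raw_message):
    """Compare the From domain with the allowlist by exact match.

    Exact matching matters: a substring or endswith("intuit.com") test
    would accept lookalikes such as notintuit.com or intuit.com.example.net.
    """
    display, domain = parse_sender(raw_message)
    if domain in ALLOWED_DOMAINS:
        return "sender-domain-ok"
    text = display + " " + domain
    if any(word in text for word in BRAND_WORDS):
        return "brand-claimed-from-other-domain"
    return "unrelated-sender"


# Constructed sample messages (not taken from the advisory).
SAMPLES = {
    "allowed": "From: Intuit <notice@e.intuit.com>\nSubject: Receipt\n\nbody",
    "webmail": "From: QuickBooks Support <qb.review@outlook.com>\nSubject: Account on hold\n\nbody",
    "lookalike": "From: billing@intuit.com.example.net\nSubject: Update\n\nbody",
    "suffix-trick": "From: Support <help@notintuit.com>\nSubject: Hold\n\nbody",
    "other": "From: Alice <alice@example.org>\nSubject: Lunch\n\nbody",
}


def run_samples():
    return {name: classify(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:14} {verdict}")
```

A "sender-domain-ok" verdict only means the From header is consistent with the advisory; the header itself can be forged, so mail filters should pair this check with the receiving server's SPF, DKIM and DMARC results.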
This year alone, Intuit has issued six warnings on its security
notices page about various phishing scams designed to trick users into
revealing personal information or into downloading malware that will
infect their computers.
It’s likely that QuickBooks software has become a target for
cybercriminals because of the size of its user base — 4.5 million —
and its use by small and medium-sized businesses that typically can’t
afford to maintain an IT team.