Customers of accounting and tax software supplier Intuit have been alerted to an ongoing phishing attack that impersonates the company and tries to lure victims with fake account suspension notifications. Intuit issued the advisory after users received notifications telling them that their Intuit accounts had been deactivated due to a recent server security upgrade.
“We have temporarily disabled your account due to inactivity. It is compulsory that you restore your access within next 24 hours,” the attackers state in the phishing messages, masquerading as the Intuit Maintenance Team. “This is a result of recent security upgrade on our server and database, to fight against vulnerability and account theft as we begin the new tax season.”
The message tells recipients that they must visit https://proconnect.intuit.com/Pro/Update immediately to regain access to their accounts. By clicking the link, they will most likely be sent to a phishing site controlled by the attacker, which will attempt to infect them with malware or steal their financial or personal information. The message warns that those who hesitate before clicking the link risk losing access to their accounts forever.
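As an added illustration (not code from Intuit or from the original article), the following Python check flags links in an HTML email body whose visible text shows an Intuit URL while the underlying `href` points somewhere else. It assumes the lure displays the Intuit address as link text; the sample body, the reserved `example.net` host, and the names `deceptive_links`, `is_trusted` and `LinkAudit` are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "intuit.com"  # assumption: the brand's registrable domain

def host_of(text):
    """Return the lowercase hostname if text is an http(s) URL, else None."""
    parts = urlsplit(text.strip())
    ok = parts.scheme in ("http", "https") and parts.hostname
    return parts.hostname.lower() if ok else None

def is_trusted(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    return bool(host) and (host == TRUSTED or host.endswith("." + TRUSTED))

class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def deceptive_links(html):
    """Links whose visible text names a trusted host while the href leaves it."""
    audit = LinkAudit()
    audit.feed(html)
    findings = []
    for text, href in audit.links:
        shown, target = host_of(text), host_of(href)
        if is_trusted(shown) and not is_trusted(target):
            findings.append({"shown": shown, "target": target})
    return findings

# Constructed sample body; the first href uses a reserved placeholder domain.
SAMPLE = ('<p>Restore: <a href="https://intuit.com.example.net/Pro/Update">'
          'https://proconnect.intuit.com/Pro/Update</a></p><p><a href='
          '"https://proconnect.intuit.com/help">https://proconnect.intuit.com/help</a></p>')
```

The suffix test compares against `.intuit.com` with the leading dot, so a host that merely contains the brand name as a prefix is still reported.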
The financial software company stated that it is not behind these emails and that the sender is not affiliated with Intuit, is not an authorized representative of Intuit, and is not permitted to use Intuit’s logos. The maker of TurboTax and QuickBooks advises customers who have received one of these phishing emails not to click any embedded links or open files.
To avoid being infected with malware or being sent to a phishing landing page that would try to steal your credentials, it’s best to delete the emails. Customers who have already opened attachments or clicked links in the phishing emails should take the following steps:
- Delete any downloaded files immediately.
- Scan their systems using an up-to-date anti-malware solution.
- Change their passwords.
Intuit also provides information on how users may defend themselves from phishing attacks on its support page.