According to Intuit, QuickBooks clients are being targeted by a phishing effort mimicking the firm and luring prospective victims with phony messages about renewal costs.
Intuit revealed that customers reported they were emailed and told their QuickBooks plans had expired. However, the company never sent any such emails.
Intuit, the financial software company, said that customers who received one of these phishing emails are advised not to click any link in the emails or open files.
To avoid getting infected with malware or being led to a phishing landing page meant to steal credentials, it is suggested that you delete them. Customers who have previously opened attachments or clicked links in phishing emails should take the following steps:
- Delete any downloaded files as soon as possible.
- Use an up-to-date anti-malware solution to scan their systems.
- Change the passwords.
On its support page, Intuit also advises on how consumers may defend themselves against phishing attacks.
In July, Intuit also issued a phishing email notice advising users to dial a phone number to update QuickBooks 2021 before the end of the month. It was intended to prevent having their databases damaged or corporate backup files automatically deleted.
The fraudsters will attempt to take control of the callers’ QuickBooks accounts. To do so, they pose as QuickBooks support employees and ask the victims to install remote access software such as TeamViewer or AnyDesk.
Then they communicate with the victims and ask for the information they need to change their QuickBooks passwords and gain control of their accounts to drain money by making payments in their names.
Scammers will ask for the one-time permission code to proceed with the update if the victims have two-factor authentication activated.
In addition to these two ongoing efforts, other threat actors are impersonating Intuit in a phony copyright phishing scheme, as per the tweet from SlickRockWeb CEO Eric Ellason.
In June, Intuit also informed TurboTax clients that attackers had gained access to some of their personal and financial information due to a series of account takeover attacks. In addition, the business said that there was no “systemic data breach of Intuit.”
After investigation, the company revealed that the attackers accessed the customer’s accounts, name, date of birth, Social Security number, driving license number, address, financial information, and more using credentials obtained from “a non-Intuit source.”