Intuit, a financial software business based in the US, has issued a warning to its clients about a new QuickBooks phishing effort. The current phishing campaign, which is the company's fifth big security threat this year, involves deceiving consumers into believing one‘s account has been suspended.
"We're writing to advise you that we were unable to confirm certain information on your account after performing an assessment of your company. As a result, we've placed a temporary hold on your account." The phishing message goes as follows:
"If you believe we've made a mistake, please let us know as soon as possible so we can correct it. Please fill out the verification form below to assist us with effectively revisiting your account. We will re-evaluate your account within 24-48 hours after verification is finished."
Malicious material within the bogus Intuit support team message would send the target to a phishing website where criminals may steal personal data or install malware on infected devices if they clicked the "Complete Verification" button. The sender "is not linked with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit's logos permitted by Intuit," according to the accounting software Intuit. Customers are advised not to open these phishing messages.
Small and medium-sized businesses (SMBs) all over the world utilize Intuit's QuickBooks software. According to the company's website, there are 4.5 million users globally. This year, cyber attackers have targeted the company's vast user base, particularly around tax season in the United States, when the corporation was compelled to release two separate security advisories in as many days in February.
The email in both phishing scams pretended to be an account inactivity warning, suggesting that the user's account had been disabled due to inactivity. Victims were sent links to a bogus Intuit website, which could have been used to steal account information.
It also advises consumers to delete the communications from email inboxes to avoid personal data being stolen and a possible malware infection. Customers who opened the email clicked a link, or downloaded a possibly harmful attachment should take the following precautions:
- Delete the downloaded attachment right away.
- Passwords should be changed regularly.
- Run a complete scan on the machine that may have been hacked.
- Intuit also offers a comprehensive list of security advice that can assist customers in avoiding common cyberattacks such as phishing emails, customer service scams, and identity theft.
