Customers of accounting and tax software supplier Intuit have been warned of an ongoing phishing attack masquerading the organisation and attempting to mislead victims with fraudulent account suspension notifications. 

Customers who were notified and told that their Intuit accounts had been disabled as a result of a recent server security upgrade prompted Intuit to issue the advisory. 

The attackers stated in the phishing messages, masquerading as the Intuit Maintenance Team, "We have temporarily disabled your account due to inactivity. It is compulsory that you restore your access within next 24 hours. This is a result of recent security upgrade on our server and database, to fight against vulnerability and account theft as we begin the new tax season." 

To regain access to their accounts, the receivers need to visit https://proconnect.intuit.com/Pro/Update right away. By clicking the link, they will most likely be redirected to a phishing site controlled by the attacker, which will seek to infect them with malware or steal their financial or personal information. 

Those who hesitate before clicking the embedded link are warned that they risk losing access to their accounts permanently. The financial software company stated the sender "is not associated with Intuit, is not an approved agent of Intuit, nor is their use of Intuit's brands authorised by Intuit," and that it isn't behind the emails. 

Customers who have received phishing emails are advised not to click any embedded links or open attachments, according to the maker of TurboTax and QuickBooks. 

To avoid being infected with malware or redirected to a phishing landing page that would try to steal the credentials, it's best to delete the emails. Customers who have already opened attachments or clicked links in phishing emails should take the following steps: 

On its support page, Intuit also provides information on how users can safeguard themselves from phishing assaults. 

QuickBooks clients were also cautioned in October about phishing attacks that used bogus renewal charges as bait. Fraudsters contacted QuickBooks users via websites in the same month, telling them to upgrade to prevent their databases from being destroyed or corporate backup files automatically erased, with the intent of taking over their accounts.