Intuit warns of phishing emails threatening to delete accounts

Intuit

Accounting and tax software provider Intuit has notified customers of an ongoing phishing campaign impersonating the company and trying to lure victims with fake warnings that their accounts have been suspended.

Intuit’s alert follows reports received from customers who were emailed and told that their Intuit accounts were disabled following a recent server security upgrade.

“We have temporarily disabled your account due to inactivity. It is compulsory that you restore your access within next 24 hours,” the attackers say in the phishing messages, masquerading as the Intuit Maintenance Team.

“This is a result of recent security upgrade on our server and database, to fight against vulnerability and account theft as we begin the new tax season.”

The recipients are instructed to go to https://proconnect.intuit.com/Pro/Update immediately to restore access to their accounts.

Clicking the link will likely redirect them to an attacker-controlled phishing site designed to infect them with malware or harvest their financial or personal information.

Those who might think twice before clicking the embedded link are warned that they might permanently lose access to their accounts.

The financial software maker said that it’s not behind these emails and that the sender “is not associated with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit’s brands authorized by Intuit.”

Intuit phishing email
Sample phishing email (Intuit)

How to avoid getting phished

The maker of TurboTax and QuickBooks urges all customers who have received one of these phishing emails not to click any embedded links or open attachments.

The recommended way to tackle these phishing attempts is to delete the emails to avoid getting infected with malware or being redirected to a phishing landing page that would try to hand over your credentials.

Customers who already opened attachments or clicked the links in such phishing emails should:

  1. Delete any downloaded files immediately.
  2. Scan their systems using an up-to-date anti-malware solution.
  3. Change their passwords.

Intuit also shares info on how its customers can protect themselves from phishing attacks on its support website.

In October, the company also warned QuickBooks customers of phishing attacks using fake renewal charges as lures.

The same month, QuickBooks users were targeted by scammers via sites threatening them to upgrade to avoid having their databases corrupted or company backup files removed automatically with the end goal of taking over their accounts.

TurboTax customers were also affected by at least four account takeover attack campaigns in 2014/20152019, and 2021.