Beware Of New QuickBooks Phishing Campaign

Phishing scam art. Be aware of these top phishing email scam subjects.

Written by: Jay H.

Intuit has warned that a new phishing campaign is targeting small business users of the accounting software QuickBooks with fake account suspension warnings.

This warning came after multiple users reported receiving fake phishing emails notifying them of a supposed failed business information review.

“We’re writing to let you know that after conducting a review of your business, we have been unable to verify some information on your account. For that reason, we have put a temporary hold on your account,” the bad actors write in the email while impersonating QuickBooks.

“If you believe that we’ve made a mistake, we’d like to remedy the situation as quickly as possible. To help us effectively revisit your account please complete the below verification form. Once verification has been completed, we will re-review your account within 24-48 hours.”

Intuit QuickBooks phishing email

Intuit QuickBooks phishing email | Image: Intuit

However, as you hopefully know, clicking on the “Complete Verification” button in the email likely redirects the users to a phishing site designed to harvest credentials or give them malware.

In this example, the attacker’s email did not appear to come from a QuickBooks email. However, other reported attacks involved legitimate-looking emails, meaning you have to be incredibly careful when evaluating unexpected emails.

If you’ve interacted with these phishing emails

You should delete the email from your inbox to prevent yourself from falling victim. However, if you’ve clicked a link or downloaded an attachment from this or other phishing emails, Intuit recommends that you:

  • Delete the download immediately.
  • Scan your system using an up-to-date anti-virus program.
  • Change your passwords.

How to avoid falling victim to a phishing scam

Our blog post, How To Spot An Email Scam, has some great tips on staying safe when handling suspicious emails. However, the best takeaway is that if you’re ever uncertain, reach out to the sender directly and through legitimate channels– in this case, it would be through the Intuit website, Similarly, if you receive an alarming email from a colleague, contact them through other means such as phone or in-person visits to verify that the email is legitimate.

Phishing campaigns and other tactics are some of the biggest threats to your business today. If you need help securing your firm against these crippling attacks, please contact us today.

Protected by Copyscape



Comments are closed.