QuickBooks users are being attacked by an unknown threat actor phishing for sensitive personal information, the software’s maker has warned. According to a BleepingComputer report, a number of users reached out to Intuit, the maker of the tax software(opens in new tab), and alerted the company to a phishing email campaign that tries to scare people into giving away sensitive information. Subsequently, Intuit issued a warning to all users, detailing the campaign.
Apparently, victims will receive an email pretending to be from Intuit, which warns that the company has conducted an account review has not been able to verify some important information.
For that reason, the email claims, the account has been put on hold until the information can be verified. As you might expect, the email comes with a “Complete Verification” button, which appears to serve up a data verification form.
Defending from phishing
In reality, the button likely redirects the victim to a phishing landing page, where any and all data submitted is transferred directly to the attackers.
As usual, QuickBooks users are advised not to open any links or run any email attachments coming from unverified sources. Any such emails that they receive should be deleted immediately, while those that have already opened up the emails should delete any files they might have downloaded, scan their systems with antivirus software and change their QuickBooks passwords.
Phishing attacks are a common occurrence, but can usually be spotted relatively easily. The domain from which the email is sent is usually not the same domain the legitimate company uses, and sometimes, the company’s name is misspelled or features a substitute character (a zero instead of the letter o, for example).
Given that people are often reckless, overworked or hasty, phishing campaigns are regularly quite successful.