Intuit is warning its Quickbooks users that they may be targeted by an ongoing phishing campaign impersonating the company and trying to lure potential victims with fake renewal charges.
The company stated that they have been receiving reports from its users about an on-going phishing campaign. “This email did not come from Intuit. The sender is not associated with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit’s brands authorized by Intuit,” Intuit explained.
The financial software firm advises all customers who received one of these phishing messages not to click any links embedded in the emails or open attachments.
Users who have already click-through links on the phishing emails are advised to do the following:
- Delete any downloaded files immediately.
- Scan their systems using an up-to-date anti-malware solution.
- Change their passwords.
- Intuit also provides information on how customers can protect themselves from phishing attempts on its support website.
Intuit’s users are common targets for phishing attacks. In July, Intuit also alerted its customers of phishing emails, asking them to call a phone number to upgrade to QuickBooks 2021 until the end of the month to avoid having their databases corrupted or company backup files removed automatically.
Intuits is also being impersonated by other hackers in a fake copyright scam, according to SlickRockWeb CEO Eric Ellason said today.
Recipients targeted by these emails risk infecting themselves with the Hancitor (aka Chanitor) malware downloader or have Cobalt Strike beacons deployed on their systems.
The embedded links send the potential victims through advanced redirection chains using various security evasion tactics and victim fingerprinting malspam.
In June, Intuit also notified TurboTax customers that some of their personal and financial info was accessed by attackers following a series of account takeover attacks. The company also said that that was not a “systemic data breach of Intuit.”
The company’s investigation revealed that the attackers used credentials obtained from “a non-Intuit source” to access the customers’ accounts and their name, Social Security number, address(es), date of birth, driver’s license number, financial information, and more.
TurboTax customers were targeted in at least three other account takeover attack campaigns in 2014/2015 and 2019.
Protection Against Phishing
SaferNet is the perfect solution to the cybersecurity issues that individuals, families, and businesses face today. It not only connects every device using a secure, 24/7 always on, military grade VPN, but it also stops outside cyberthreats, malware and viruses as well. On SaferNet, all users are protected anywhere in the world, all the time, on any cellular or Wi-Fi network. In addition to SaferNet’s VPN and cyber protection, it also offers a range of employee or parental/family internet controls including internet filtering, monitoring, scheduling, and blocking access to websites or even entire website categories
Typically, a business or family would need 3 separate services for a VPN, Malware Protection, and Internet Controls; SaferNet offers all 3 features in one service. SaferNet truly is an endpoint security presence that can be implemented in minutes around the world, on phones, laptops, tablets, and computers at an economical price point that caters to all sizes of businesses and families. SaferNet guarantees a smooth setup and installation process that takes only minutes, and an easily accessible control hub for you to monitor all your employee’s or family members devices; including activity, time spent online, and threats blocked.