Phishing Campaign Targets QuickBooks Users
Accounting software provider Intuit has warned of a phishing scam targeting its customers, BleepingComputer reports. The phishing campaign affected users of Intuit’s QuickBooks product, informing them that their account was put on hold.
“Intuit has recently received reports from customers that they have received emails similar to the one below,” the company said in an alert. “This email did not come from Intuit. The sender is not associated with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit’s brands authorized by Intuit. Please don’t click on any links or attachments, or reply to the email. We recommend you delete the email.”
If a user has clicked on a link or downloaded something from the email, Intuit offers the following recommendations:
- Delete the download immediately.
- Scan your system using an up-to-date anti-virus program.
- Change your passwords.
The phishing emails appear convincing and contain good grammar, stating, “Dear Customer, We’re writing to let you know that, after conducting a review of your business, we have been unable to verify some information on your account. For that reason, we have put a temporary hold on your account. If you believe that we’ve made a mistake, we’d like to remedy the situation as soon as possible. To help us effectively revisit your account, please complete the following verification form. Once the verification has completed, we will re-review your account within 24-48 hours.”
The email contains a button that says “Complete Verification.” If a user clicks this link, they’ll either be asked to download a malicious file or taken to a site designed to steal their information. Intuit notes that users can verify if they’ve received a legitimate email from Intuit by signing into their account and checking to see if they’ve received the same message online.
Be Proactive – Don’t Wait to Fall Victim!
Cyberattacks are likely taking place every day on your business, with email responsible for 91% of all attacks. Small to mid-size companies are the prime target and most vulnerable.
Our 13 Ways to Protect Your Business Against Cyberattacks checklist, provides steps to improve your cybersecurity. Developing a comprehensive cybersecurity program that includes a plan for educating your workforce is the best defense.
This article was provided by our partners at KnowBe4.