Intuit warns of QuickBooks phishing threatening to suspend accounts

Tax software vendor Intuit has warned that QuickBooks customers are being targeted in an ongoing series of phishing attacks impersonating the company and trying to lure them with fake account suspension warnings.

Today's alert comes after Intuit received multiple user reports who received these phishing emails and notified their QuickBooks accounts were suspended following a failed business info review.

"We're writing to let you know that after conducting a review of your business, we have been unable to verify some information on your account. For that reason, we have put a temporary hold on your account," the attackers say in the phishing messages while impersonating the QuickBooks support team.

"If you believe that we've made a mistake, we'd like to remedy the situation as quickly as possible. To help us effectively revisit your account please complete the below verification form. Once verification has been completed, we will re-review your account within 24-48 hours."

Clicking the "Complete Verification" button in the phishing email will likely redirect the recipients to a landing phishing site designed to harvest their personal information or infect their systems with malware.

The accounting software maker also added that the sender "is not associated with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit's brands authorized by Intuit."

How to make sure you're not phished

Intuit advises customers who received one of these phishing messages not to click any embedded links or open attachments.

It also recommends deleting them from the inbox to avoid getting infected with malware or sent to some phishing landing page under the attacker's control that would attempt to harvest the targets' credentials.

QuickBooks users who have already opened attachments or clicked links after receiving one of these phishing emails should:

1. Delete any downloaded files immediately.
2. Scan their systems using an up-to-date anti-malware solution.
3. Change their passwords.

Intuit also provides detailed info on how customers can protect themselves from phishing attempts on its support website.

Earlier this year, in February, Intuit warned QuickBooks customers they were the targets of a phishing campaign impersonating the company and threatening to delete their accounts.

In October, threat actors masquerading as Intuit's legal department targeted the company's customers in a fake copyright phishing scam pushing the Hancitor (aka Chanitor) malware downloader and Cobalt Strike beacons.