The tax and accounting software provider known as Intuit recently notified its customers of a continuing phishing campaign where the firm is being impersonated. Bogus emails are being issued in attempts to lure targets with false warnings stating that their Intuit accounts are suspended.

Phishing attacks are an ongoing issue for many enterprises with numerous companies falling foul to their insidious tactic. Business of all sizes are targeted by phishing operations for various reasons from deploying malware and stealing company credentials to tricking individuals into parting with funds and information and intranet infiltration.

Well-known companies are often imitated to create trust in phishing email attacks, with content mimicking their branding and writing style. In some cases, spoof email addresses are used, or hacked authentic accounts help to fool recipients into believing that they are being contacted by a trusted source.

A cybercriminal campaign against customers

The warnings issued by Intuit follow reports the company received from its customer base. Users of the firm’s software were contacted via email and informed that after a recent security grade on company servers, their Intuit accounts had been disabled.

The phishing messages were framed as if they were sent by Intuit’s in-house maintenance staff and stated:

“We have temporarily disabled your account due to inactivity. It is compulsory that you restore your access within next 24 hours. This is a result of recent security upgrade on our server and database, to fight against vulnerability and account theft as we begin the new tax season.”

The selected victims were then instructed to visit https://proconnect.intuit.com/Pro/Update to immediately to reclaim access to their Intuit accounts.

However, clicking on the included link, redirects the users phishing site controlled by the attackers and either harvests their personal or financial data or infects their device with malicious software.

If targeted users hesitate to comply and opt not to click on the embedded link, they are threatened with the permanent loss of access to their personal Intuit account.

In its recent advisory to customers, the financial software manufacturer commented that it was not responsible for the emails. It also stated that the entity behind the messages was in no way associated with the firm and is not an authorised agent working for Intuit. Additionally, Intuit commented that the sender did not have authorisation to use Intuit’s dedicated brands.

Avoiding the Intuit phishing attack

Responsible for software products like QuickBooks and TurboTax, the software provider is encouraging all its customers in receipt of malicious image to follow its advice. It stated that customers should not open any attached documents or click on the links embedded in the body copy of the emails.

The best action to take when receiving a phishing message is to delete the email, effectively stopping any chance of a redirect to a phishing page or having a device infected with malware.

Any customers who have opened an attachment or followed a link in the phishing emails should instantly delete any files downloaded, scan their computer system for malware and alter their passwords without delay.