Phishing Campaign Targets Intuit QuickBooks Users With Bogus Account Hold Notices

QuickBooks on a laptop
The only real certainties in life are death, taxes, and scammers trying to swindle you out of your money. In the digital age, that means phishing scams run rampant, as it's a relatively low effort and potentially high reward ruse. Some efforts are more convincing than others, perhaps such as the one that is targeting Intuit QuickBooks users the moment.

QuickBooks is a popular accounting software package, and according to Intuit, there's a phishing campaign targeting its users. Intuit says it's received reports from customers who have received fraudulent emails impersonating the company, telling them that their accounts have been temporary put on hold following a review of their business.

QuickBooks phishing email
Intuit warns QuickBooks users to be on the lookout for phishing emails similar to the one above

"We're writing to let you know that, after conducting a review of your business, we have been unable to verify some information on your account. For that reason, we have put a temporary hold on your account," one version of the email reads.

"If you believe that we've made a mistake, we'd like to remedy the situation as quickly as possible. To help us effectively revisit your account, please complete the below verification form," the email continues.

The bogus email attempts to persuade QuickBooks users into clicking a green "Complete Verification" button, which we presume redirects the user to a spoofed site and form asking for their personal details. Clicking and providing such information would obviously be a mistake, because there is no official account audit taking place.

It doesn't sound like all the phishing emails are exactly the same. However, in the example Intuit provided, the grammar is better than many phishing scams we have seen, which could increase the chance that someone falls it. Even the US Department of Justice is not immune to being snookered by phishing scams.

"The sender is not associated with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit's brands authorized by Intuit," Intuit says.

Intuit also offers up some basic advice in its security advisory, like not clicking on links or downloading attachments from these types of emails. Users should also delete the email right away and/or nuke the attachment if they've already downloaded it. Additionally, scanning for malware and changing their passwords is recommended.