Intuit issues yet another phishing warning to QuickBooks customers

Intuit has warned of a new phishing campaign specifically targeting the users of small business accounting software QuickBooks.

The latest phishing campaign, which is the fifth major security threat the company has issued warnings over this year, involves tricking users into thinking their account has been suspended.

The example email shared by Intuit, which was received by a customer, shows that the phishing campaign lacks some sophistication, in that the sender’s web domain does not appear related to either the Intuit or QuickBooks brands.

In more sophisticated recent scams, hackers have been able to send emails to an organisation’s employees directly off the back of existing email chains to increase the level of deception and perceived authenticity.

The latest email campaign does adopt the QuickBooks branding in the email’s body and, unlike the more common phishing scams, the language used is convincing and professional in tone.

[Image: Screenshot of phishing email sent to QuickBooks customers. Image credit: Intuit]

Victims are presented with a notice that their account will be suspended after the QuickBooks team were supposedly unable to verify account information.

There is a link included in the email that purports to take users to a page to complete their account verification. Intuit did not say what happened if a user clicked on the link, but the company did advise users to delete anything that was downloaded from the email.

This detail would suggest that the attack was attempting to distribute malware, which could be used for any number of purposes, including information or credential theft, ransomware, and business email compromise attacks.

“Intuit has recently received reports from customers that they have received emails similar to the one below,” the company said in an announcement. “This email did not come from Intuit. The sender is not associated with Intuit, is not an authorised agent of Intuit, nor is their use of Intuit's brands authorised by Intuit.”

QuickBooks users are advised to immediately delete anything that has been downloaded from the email and to run a system-wide scan using an up-to-date antivirus application. If the link was clicked, users should also consider changing their passwords, Intuit said.

Intuit phishing attacks in 2022

Intuit’s QuickBooks software is used widely by small and medium-sized businesses (SMBs) across the world. The company’s website claims it currently has 4.5 million users worldwide.

The large user base has been a target for cyber attackers this year, especially around the US tax season when the company was forced to issue two separate security advisories in as many days back in February.

In both phishing scams, the email attempted to lure users with a fake account inactivity notice, claiming their account was disabled through a lack of use. Victims were presented with links to a fake Intuit site that could have been used to steal account credentials.

Cyber criminals have targeted these types of software around tax seasons before, both in the US this year and in the UK towards the end of 2021, as the self-assessment deadline approached.

The other two Intuit scams this year occurred in April, as customers reported fake emails relating to their software subscription. Intuit issued two separate advisories for the campaigns, which appeared to be linked given that the payment receipt and payment invoices were sent from the same fake email domains.

Connor Jones
News and Analysis Editor
