A dastardly new phishing scam is targeting tax software users

Phishing scam takes aim at QuickBooks users

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

QuickBooks users are being attacked by an unknown threat actor phishing for sensitive personal information, the software’s maker has warned.

According to aBleepingComputerreport, a number of users reached out to Intuit, the maker of thetax software, and alerted the company to a phishingemailcampaign that tries to scare people into giving away sensitive information. Subsequently, Intuit issued a warning to all users, detailing the campaign.

Apparently, victims will receive an email pretending to be from Intuit, which warns that the company has conducted an account review has not been able to verify some important information.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

For that reason, the email claims, the account has been put on hold until the information can be verified. As you might expect, the email comes with a “Complete Verification” button, which appears to serve up a data verification form.

Defending from phishing

In reality, the button likely redirects the victim to a phishing landing page, where any and all data submitted is transferred directly to the attackers.

What is phishing and how dangerous is it?>Another top NFT company has been hit by a phishing attack>T-Mobile sounds the alarm over unblockable SMS phishing attacks

As usual, QuickBooks users are advised not to open any links or run any email attachments coming from unverified sources. Any such emails that they receive should be deleted immediately, while those that have already opened up the emails should delete any files they might have downloaded, scan their systems withantivirus softwareand change their QuickBookspasswords.

Phishing attacks are a common occurrence, but can usually be spotted relatively easily. The domain from which the email is sent is usually not the same domain the legitimate company uses, and sometimes, the company’s name is misspelled or features a substitute character (a zero instead of the letter o, for example).

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Given that people are often reckless, overworked or hasty, phishing campaigns are regularly quite successful.

ViaBleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Dangerous Android banking malware looks to trick victims with fake money transfers

Sophos Firewall hack on government network used an all-new custom malware

Don’t wait until Black Friday, this year’s best Nintendo Switch bundles are on sale now