Intuit Platform Users Targeted in Phishing Campaign
With the tax season starting in late January in the US, scammers and threat actors are setting their sights on busy taxpayers and companies. Intuit, one of the largest US companies specializing in financial software and operating on a global level, sent out a warning to its customers.
Phishing Attempts Ramp Up
Intuit is warning its customers of a new phishing campaign that attempts to scare people into clicking a malicious link in order not to have their accounts closed. The account closure threat, as can be expected, is a scam and a simple social engineering trick to instill a sense of urgency in the victims and get them to act under pressure.
Intuit issued a press release that included a screenshot of a fake email, doctored to look as though it was sent by the company. The financial platform has received multiple reports from its customers about those fake emails and released the PR as an official statement.
The company warned its customers that the account closure message is a scam and does not come from any authorized branch or representative of the company. The campaign is the latest attempt to phish people and either distribute malware or steal personal information.
The full text of the fake email states that the user's account has been temporarily suspended because it had been inactive for too long. The email then attempts to scare the victim into clicking the malicious link, dangling the fake threat of permanent account closure within 24 hours.
General Precautions
Intuit did not provide any specifics about the contents of the malicious link in the phishing emails and did not disclose the nature of the potential payload or malicious page that waits on the other end of the link. However, the company made it very clear that any such emails containing the same threat are fake and should be avoided at all costs.
The company provided the usual precautionary guidelines for customers - deleting any files that may have been downloaded as a result of clicking the link, then running a system scan using an anti-malware suite.