/>
X

Intuit releases security notices, warns of phishing emails ahead of tax season

The company shared examples of two phishing emails customers have already received this season.
headshot-2.jpg
Written by Jonathan Greig on

Intuit released two warnings this week about different types of phishing emails being sent to their customers. 

In two separate security notices on Tuesday and Wednesday, the company said it has received reports from customers about two kinds of phishing emails they were getting. 

Intuit urged recipients not to click on any of the links or attachments, not to reply to the email, and to delete the email. If you have already clicked on a link in the email or downloaded a file from the email, the company said you should delete the download, scan your system with an "up-to-date anti-virus program," and change your passwords. 

"Intuit has recently received reports from customers that they have received emails similar to the one below. This email did not come from Intuit. The sender is not associated with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit's brands authorized by Intuit," Intuit explained. 

security-notice-sir0055694.png
Intuit

The earlier warning shared a copy of another type of phishing email customers received. 

critical-suspension.png
Intuit

Erich Kron, security awareness advocate at KnowBe4, said these attacks typically tend to ramp up during tax season. The attacks generally attempt to trick people into logging into their accounts on a fake website, allowing crooks to steal the user's credentials.  

Kron suggested that anyone who has received these types of emails should go directly to the official website and log into their account, where any notifications or issues with the account would be made obvious, as opposed to clicking on links straight from emails. 

"In addition, on any website where you were entering a username and password, you should check the URL bar to ensure you are at the legitimate organization's website," Kron said. 

Tripwire's Tim Erlin added that phishing continues to be a popular means of attack because it continues to work. It only takes one user to click in order for the phishing campaign to be effective for the attacker, Erlin said, noting that it's very difficult for an organization to prevent phishing attempts because they don't require any compromise of infrastructure that organization controls. 

"While we try to addressing phishing with technological solutions, the problem remains a primarily human one," he explained.

The IRS released a similar warning last week, reminding taxpayers "to be aware that criminals continue to make aggressive calls posing as IRS agents in hopes of stealing taxpayer money or personal information."

Related

10 Highest-paying associate degree options: Your complete guide
power-plants.jpg

10 Highest-paying associate degree options: Your complete guide

Education
The pandemic's surprising impact on K-12 computer science education
Curious kid boy secretly watching forbidden censored content on laptop

The pandemic's surprising impact on K-12 computer science education

Education
3 flat tire tech tricks all cyclists needs to know
img-7410

3 flat tire tech tricks all cyclists needs to know

Home & Office