Intuit releases security advisories and warns against phishing emails ahead of tax season

Intuit issued two warnings this week regarding different types of phishing emails sent to their customers.

In two separate security advisories on Tuesday and Wednesday, the company said it received reports from customers of two types of phishing emails they were receiving.

Intuit urged recipients not to click on any links or attachments, not to reply to the email, and to delete the email. If you have ever clicked on a link in the email or downloaded a file from the email, the company advised you to delete the download, scan your system with an “up-to-date anti-virus program” and change your passwords.

“Intuit has recently received reports from customers that they have received emails similar to the one below. This email is not from Intuit. The sender is not associated with Intuit, does not is not an authorized agent of Intuit, nor is their use of Intuit’s trademarks authorized by Intuit,” Intuit explained.



The previous warning shared a copy of another type of phishing email received by customers.



Erich Kron, security awareness advocate at KnowBe4, said these attacks usually tend to escalate during tax season. Attacks typically attempt to trick people into logging into their accounts on a fake website, allowing crooks to steal user credentials.

Kron suggested that anyone who received these types of emails should go directly to the official website and log into their account, where any notifications or problems with the account would be made obvious, instead of clicking on links directly to from emails.

“Also, on any website where you enter a username and password, you should check the URL bar to make sure you’re on the legitimate organization’s website,” Kron said. .

Tim Erlin of Tripwire added that phishing continues to be a popular means of attack because it continues to work. It only takes one user to click for the phishing campaign to be effective for the attacker, Erlin said, noting that it is very difficult for an organization to prevent phishing attempts because they do not require any compromise of the infrastructure controlled by the organization.

“While we try to fight phishing with technological solutions, the problem remains above all human,” he explained.

The IRS issued a similar warning last week, reminding taxpayers “to be aware that criminals continue to make aggressive calls posing as IRS agents in hopes of stealing taxpayers’ money. or personal information”.

Comments are closed.