QuickBooks clients have been warned by Intuit regarding ongoing phishing attacks using phony account suspension warnings as lures, according to BleepingComputer.
Attackers have been distributing phishing emails notifying users that their account has been temporarily put on hold after some account information was not verified. Included in the email is a "Complete Verification" button that has been suspected to redirect to a personal data-harvesting site. The email sender is not in any way affiliated with Intuit, stressed the company, which urged recipients of the phishing email to avoid clicking and opening included links and attachments. Intuit also called on clients to immediately delete the emails.
Meanwhile, those who had opened the links and attachments have been advised to promptly delete downloaded files, conduct anti-malware scanning of their systems, and replace their passwords. The advisory comes months after Intuit warned customers regarding a phishing campaign spoofing the firm in emails that threaten account deletion.
Intuit QuickBooks clients targeted in phishing attacks
QuickBooks clients have been warned by Intuit regarding ongoing phishing attacks using phony account suspension warnings as lures.
Such an intrusion involved threat actors compromising a software-as-a-service user's email account to determine potentially exploitable conversations where they could deliver an email purporting to be a reply to a message about tax and payment details before establishing a new mailbox rule that would forward messages to an archive folder to conceal malicious activity.