The Intuit security notice, TXP099497, provides customers with the information needed to identify and avoid the recent phishing attempts. It describes the attack’s strategy and provides recommended steps to avoid or resolve any exposure. This type of phishing attack, known as a phishing lure, tries to trick people by impersonating a valid company and sending messages to users on that company’s behalf. The message informs the targets that their account has been temporarily disabled due to inactivity. It also states that the disabled account is the result of a recent security upgrade by the Intuit Maintenance Team. The target is then instructed to click a nefarious link to restore their access.
Intuit has confirmed that these messages are not originating from within their organization, and their security notice instructs users to immediately delete the e-mail if received. Any user who clicks the link or downloads any files should immediately delete the download, run an anti-virus scan, and change their password. The notice also provides a link to additional security tips that provide ways to spot fraudulent messages and scams. In addition to Intuit’s guidance, the Internal Revenue Service (IRS) maintains a list of common scams used to target taxpayers. The nature of tax season and the personal data transmitted make it a prime target for cybercriminals. Like any year, users filing electronically are urged to exercise caution when viewing, preparing, or transmitting any sensitive information.
