Recap: Tax season is a notoriously busy time of year for cybercriminals and tax-related security teams. A security notice issued earlier this week is warning TurboTax customers to watch out for e-mails threatening to cancel their tax preparation accounts. The emails, which claim to be from the Intuit Maintenance Team, are phishing attacks attempting to gather sensitive user information.
The Intuit security notice, TXP099497, provides customers with the information needed to identify and avoid the recent phishing attempts. It describes the attack’s strategy and provides recommended steps to avoid or resolve any exposure.
This type of phishing attack, known as a phishing lure, tries to trick people by impersonating a valid company and sending messages to users on that company’s behalf. The message informs the targets that their account has been temporarily disabled due to inactivity. It also states that the disabled account is the result of a recent security upgrade by the Intuit Maintenance Team. The target is then instructed to click a nefarious link to restore their access.
Intuit has confirmed that these messages are not originating from within their organization, and their security notice instructs users to immediately delete the e-mail if received. Any user who clicks the link or downloads any files should immediately delete the download, run an anti-virus scan, and change their password. The notice also provides a link to additional security tips that provide ways to spot fraudulent messages and scams.
In addition to Intuit’s guidance, the Internal Revenue Service (IRS) maintains a list of common scams used to target taxpayers. The nature of tax season and the personal data transmitted make it a prime target for cybercriminals. Like any year, users filing electronically are urged to exercise caution when viewing, preparing, or transmitting any sensitive information.