Phishing Alert for Quickbooks Customers

On November12 Intuit issued a phishing alert for Quickbooks customers. The alert applies to Quickbooks and Quickbooks Online users. Individuals receiving an email asking customers to download a plug-in should immediately delete it.

A copy of one email was forwarded to me. Being asked to download something from the page and being told after November 17th the user would not have access to their account raised a red flag in my mind. Another major red flag was the extensive use of the Microsoft name to lend credibility to the notice.  People are expecting changes to their Line of Business applications due to the release of Windows 7, so assuming the relationship, downloading the plug-in could seem logical. A visit to the Intuit site clears the matter. The security alerts includes the following statements:

What we won't do
 

• We will never send you an email with a "software update" or "software download" attachment.
• We will never send you an email asking you for login or password information to be sent to us.
• We will never ask you for your banking information or credit card information in an email.
• We will never ask you for confidential information about your employees in an email.

What we'll do
 

• We will provide you with instructions on how to stay current with your Intuit product, and we will provide you with information on how to securely download an update from your computer.
• If we need you to update your account information, we will request that you do so by logging into your account.
   

Before downloading, installing, updating or clicking on a link with a request from a seemingly legitimate email, visit the main website to verify the content and take the appropriate action.