Consumers and businesses using Intuit’s Quickbooks financial software should be on the lookout for a phishing scam that is using a fake “Intuit Security Warning” email subject line.
The security firm Malwarebytes said in a blog post that the scammers suggest that the email’s recipient use a supplied URL to update their web browser to the latest version so they will not have any trouble using their Intuit product, said Christopher Boyd, a malware intelligence analyst.
The body of the email stated:
INTUIT Security Warning
As of November 5th, 2015, we will be updating the browsers we support. We encourage you to upgrade to the latest version for the best online experience. Please proceed the following link, download and install the security update for all supported browsers to be on top with INTUIT online security!
The supplied URL is intuit(dot)updates(dot)securityserver-2(dot)com. If clicked this site will detect which browser is being used and then serves up a reasonable facsimile of that browsers update page that includes a statement that the user’s current browser is out of date.
Intuit spokesman Steve Sharpe told SCMagazine.com that the company has issued a warning about this vulnerability.
“On November 18, 2015, we posted an alert on security.intuit.com communicating to our customers the threat of this specific phishing campaign, which we detected as having the potential to deliver a malicious payload. Intuit also contacted the major email providers to block and rescind this email from their systems. Additionally, as a direct result of our actions, the suspected URL [intuit(dot)updates(dot)securityserver-2(dot)com] was removed from the Internet, thus directly blocking the threat to our customers,” he said.
This is not the first time an Intuit product has been targeted by cybercriminals. In February 2015 Intuit had to temporarily shut down its TurboTax state e-filing system because hackers were using the system to file false returns and steal tax returns.
Boyd suggested consumers need to be wary when they receive seemingly random emails that make odd requests.
“If in doubt whenever seemingly dodgy emails bearing gifts are concerned, you should visit the official website of the product in question and contact support,” he said.