IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Intuit issues yet another phishing warning to QuickBooks customers

The latest announcement marks the fifth phishing security advisory the company has made for QuickBooks users this year

Intuit has warned of a new phishing campaign specifically targeting the users of small business accounting software QuickBooks.

The latest phishing campaign, which is the fifth major security threat the company has issued warnings over this year, involves tricking users into thinking their account has been suspended.

In an example email received by a customer, shared by Intuit, the phishing campaign lacks some sophistication in that the sender’s web domain does not appear related to either Intuit or the QuickBooks brands.

In more recent sophisticated scams, hackers have been able to send emails to an organisation’s employees directly off the back of existing email chains to increase the level of deception and perceived authenticity.

The latest email campaign does adopt the QuickBooks branding in the email’s body and, unlike the more common phishing scams, the language used is convincing and professional in tone.

Screenshot of phishing email sent to QuickBooks customers


Victims are presented with a notice that their account will be suspended after the QuickBooks team were supposedly unable to verify account information.

There is a link included in the email that purports to take users to a page to complete their account verification. Intuit did not say what happened if a user clicked on the link, but the company did advise users to delete anything that was downloaded from the email.

This detail would suggest that the attack was attempting to distribute malware, which could be used for any number of purposes, including information or credential theft, ransomware, and business email compromise attacks.

“Intuit has recently received reports from customers that they have received emails similar to the one below,” the company said in an announcement. “This email did not come from Intuit. The sender is not associated with Intuit, is not an authorised agent of Intuit, nor is their use of Intuit's brands authorised by Intuit.”

QuickBooks users are advised to delete anything that has been downloaded from email immediately and run a system-wide scan using an up-to-date antivirus application. If the link was clicked, users should also consider changing their passwords, Intuit said.

Intuit phishing attacks in 2022

Intuit’s QuickBooks software is used widely by small and medium-sized businesses (SMBs) across the world. The company’s website claims it currently has 4.5 million users worldwide.

The large user base has been a target for cyber attackers this year, especially around the US tax season when the company was forced to issue two separate security advisories in as many days back in February.

In both phishing scams, the email attempted to lure users with a fake account inactivity notice, claiming their account was disabled through a lack of use. Victims were presented with links to a fake Intuit site that could have been used to steal account credentials.

Cyber criminals have targeted these types of software around tax seasons before, both in the US this year and in the UK towards the end of 2021, as the self-assessment deadline approached.

The other two Intuit scams this year occurred in April, as customers reported fake emails relating to their software subscription. Intuit issued two separate advisories for the campaigns that appeared to be linked given the same fake email domains from which the payment receipt and payment invoices were sent.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download


Education and government most at risk from email threats

Education and government most at risk from email threats

26 Nov 2021
Attackers use CSS to fool anti-phishing systems

Attackers use CSS to fool anti-phishing systems

11 Nov 2021

Most Popular

Salaries for the least popular programming languages surge as much as 44%

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022