Tax software vendor Intuit cautioned QuickBooks users that they are being targeted in ongoing phishing attacks where threat actors pose as Intuit personnel to lure them with phony account suspension warnings.

“We’re writing to let you know that after conducting a review of your business, we have been unable to verify some information on your account. For that reason, we have put a temporary hold on your account. If you believe that we’ve made a mistake, we’d like to remedy the situation as quickly as possible. To help us effectively revisit your account please complete the below verification form. Once verification is completed, we will re-review your account within 24-48 hours,” said the hackers in their message to QuickBooks users. 

Once users click on the “Complete Verification” button in the phishing email,  they will be redirected to a landing site where their personal information is stolen or their system infected with malware.

Intuit emphasized that the sender “is not associated with Intuit, is not an authorized agent of Intuit, nor is their use of Intuit’s brands authorized by Intuit.”

Customers who received one of these phishing messages are strongly urged not to click on the embedded links or open any attachments.

Users are also advised to delete these emails from their inbox to prevent any data breach and to avoid malware from being installed on their systems.

Meanwhile, QuickBooks users who have already opened attachments or clicked links embedded on these phishing emails must immediately delete all downloaded files, scan their systems using an updated anti-malware solution, and change their passwords.