This article contains information on how you can recognize and report phishing, spam, spoof, or hoax emails.
Note: These emails will say they are from Intuit and ask you to take actions like logging in, providing personal information or downloading "tools". If you have received one of this emails, DO NOT OPEN IT OR ACCESS ANY OF THE LINKS.
To check the latest information from Intuit on how we protect your data and how you can protect yourself from e-mail scams and other security risks, go to the Online Security Center page. Also, scroll down to the Security Alerts box which shows the current and reported security alerts associated with scam emails.
- If you are able to find the associated Security Alert, select it to see instructions listing any actions you'll need to take.
- If you are unable to find an associated Security Alert, please contact Intuit Support for the product that is referred to in the suspicious email. Intuit Support can help you determine if the email is from Intuit or a possible phishing email that needs to be forwarded to our security team for assessment.
Here are 3 common methods that phishers use in their e-mails
- Spoofed e-mail address. Don't reply to unsolicited e-mail and don't open e-mail attachments. It's easy to fake a From or Reply To address, either manually or with spam software, so never assume an e-mail is real by looking at its header. You might be able to spot fake addresses by checking for domain name misspellings, but this isn't foolproof. Some e-mail service providers combat the problem of spoofed addresses by using authentication techniques to verify a sender's integrity.
- Fake link. When in doubt, never click on a link in an unsolicited or suspicious e-mail. Scam e-mails can contain a hidden link to a site that asks you to enter your log on and account information. A clue: if the e-mail threatens you with account closure if you don't log on soon, you could be the target of phishing. You may be able to tell if a link is real by moving your mouse over it and looking at the bottom of your browser to see the hidden Web address - it will look different than the one you see on the surface.
- Forged Website. If you must visit a financial site, like your bank or credit card company, enter its known address into the browser location field manually. Use a browser with an anti-phishing plug-in or extension, like Firefox version 3 or higher or Internet Explorer 7. These browsers warn you about forged, high-risk sites. Phony Web sites mimic real sites by copying company logos, images, and site designs. Malicious webmasters can also use HTML, Flash or Java Script to mask or change a browser address.
Here's what you can do to protect yourself from a phishing attack:
- If you suspect you have received a phishing e-mail from Intuit, please forward it immediately to email@example.com. We will look into each reported instance.
- Make sure you subscribe to an anti-virus software and keep it up-to-date.
- Make sure you have updated your web browser to one that includes anti-phishing security features, such as Internet Explorer 7 or Firefox version 3 or higher
- Make sure that you keep up to date on the latest releases and patches for your operating systems and critical programs. These releases are frequently security related.
- Do not respond to e-mails asking for account, password, banking, or credit card information.
- Do not open up an attachment that claims to be a software update. We will not send any software updates via e-mail.
- Make sure you have passwords on your computer and your payroll files.
Our commitment to you:
What we won't do:
- We will never send you an e-mail with a "software update" or "software download" attachment.
- We will never send you an e-mail asking you to send us sign-in or password information.
- We will never ask you for your banking information or credit card information in an e-mail.
- We will never ask you for confidential information about your employees in an e-mail.
What we will do:
- We will provide you with instructions on how to stay current with your Intuit product.
- We will provide you with information on how to securely download an update from your computer.
- If we need you to update your account information, we'll request that you do so by signing in to your account or contacting Intuit.