A number of fraudulent emails have gone out recently purporting to be from Intuit. The latest one claims to be from the QuickBooks Update Center and contains the subject line "Intuit Secure Update. This email is not legitimate. Ignore it and delete it.
For reference, the text of the fraudulent email is as follows:
From: QuickBooks Update Center [mailto:software@quickbooks.intuit.com]
Subject: Intuit Secure Update
As is the case with many companies that maintain large databases of information, Intuit is the target of fraudulent attempts to get access and extract information from its database. We recently watch our database was illegally accessed and certain contact and account information were taken, including QuickBooks email addresses, names, phone numbers. The data accessed does not include banking information.
Immediately upon learning about this, Intuit started an investigation and took corrective steps. It is important to know the company continually monitors for any illicit use of information in our database, and so far, we have not detected the misuse of this information.
In order to help assure the security of your information, we have developed a special plug-in for browser and Windows® - QuickBooks Update. This software will protect yours private information from any kinds of spyware or malware.
System requirements :
* Windows XP, Vista, 2000, 2003
* Internet Explorer 6.x, 7.x, 8.x
ATTENTION: You will not be able to use our service without update from 17 of November 2009
Download :
* Windows® QuickBooks Update
* Internet Explorer plug-in
If you are not Microsoft Windows® user you can use our services as usual
Intuit has confirmed that this is a fraudulent email (for more details, see the Intuit security blog at http://security.intuit.com/alerts/alert.php?a=8). But even without their confirmation, it's pretty easy to tell. Here's how:
1. You can often spot a phishing attempt because it contains misspellings or poor grammar. In the above example, a phrase like "We recently watch our database was illegally accessed" is a big red flag that the email was probably written by a scammer whose first language isn't English.
2. Any email that requests personal information or asks you to download something is probably a phishing attempt. Legitimate companies do not ask their clients to re-supply information the company already possesses. Nor do they ask their clients to download plug-ins by clicking on an email link.
If you receive a phishing email, do not click on any of the links or consent to download anything. Forward a copy of the email to your IT administrator so that they're aware of the problem and can alert other users. Then delete the email from your inbox and trash bin.
No comments:
Post a Comment