Intuit Phishing Attacks Target CPAs for 2022 Tax Season

The tax software company Intuit recently released two formal warnings regarding phishing emails ahead of the April 15th tax deadline. You can read the full security notices here. 

The security notices follow customers receiving phishing emails purporting to come from the company. Following reports of such phishing emails, the company has urged recipients not to click links or attachments and never to reply to emails if they seem suspicious. 

Email phishing attacks always ramp up in the months before tax season. Attacks are focused on tricking people into logging into secure accounts on what seems like a legitimate website (they are typically fake) to steal the user’s credentials. Tax companies and users preparing tax returns are targeted due to the substance of the data, which contains the sensitive identity and financial information.

Email phishing attacks remain popular for one simple reason: they repeatedly continue to work . As we head into tax season, be extra vigilant to such attempts. Attempts are successful due to human error (meaning it takes a person clicking a link or attachment). In addition to impersonations of Intuit, be aware that cyber actors frequently pretend to be IRS agents via email or phone to steal taxpayers’ personal information or money.

Tips to Avoid Phishing During Tax Season

1. Never click suspicious links or attachments (this rule applies whether in tax season or not).
2. Never reply to a suspicious email from a company if you are (1) not expecting the email or (2) cannot call and confirm the sender.
3. If you receive a notice from the IRS or a tax software company (such as Intuit), log in to your account to confirm the notice is legit. Such notices will live in your account. You can also call the company to confirm.
4. Never give payment information over the phone. IRS payments should always be made via mail or the secure IRS web pay website.
5. If you unknowingly click a malicious link or attachment, call your IT security team immediately and change all relevant passwords.

Phishing remains an old but still very relevant form of cyber attack. It’s vital to understand times of the year when you may be at greater risk of being targeted for this type of attack. Tax season is one such time.

PK Tech supports small to medium-sized businesses in the Greater Phoenix Area. If we can support the IT security needs of your organization, get in touch with us here. 

You can also evaluate your firm’s FTC Safeguards Rule readiness by taking our quiz.