Online Security Center Home > Security Alerts

Security Alerts

  • Fake Email: QuickBooks Security Notice (2/10/12)
    People are receiving an email entitled "QuickBooks Security Notice."
  • Fake Email: Tax Information Needed within 30 days (2/6/12)
    People are receiving an email entitled "Tax Information Needed within 30 days."
  • Legitimate Intuit Critical Notice (12/1/11)
    Customers are receiving an email entitled "Critical Notice" from Intuit and questioning whether it is phishing. This email is NOT phishing; is a legitimate email.
  • Fake Intuit Online Payroll Email (11/28/11)
    Customers are receiving an email entitled "Your Intuit Online Payroll Free Trial".
  • Fake QuickBooks Security Update Email (10/31/11)
    Customers are receiving an email entitled "QuickBooks Security Update".
  • Fraudulent TurboTax Message (04/15/11)
    Customers are receiving a fraudulent email entitled "Important Message About Your 2010 Federal Tax Refund".
  • Fake QuickBooks Security Update (04/6/11)
    We are seeing evidence of a fake QuickBooks Security update.
  • Epsilon Data Breach May Affect You (04/4/11)
    Epsilon, a large marketing company, had names and email addresses stolen. Be careful when clicking on any link in an email.
  • Fake QuickBooks Security Update (03/18/11)
    We are seeing evidence of a fake QuickBooks Security update.
  • Legitimate TurboTax Email (03/1/11)
    When requested, TurboTax sends customers information about downloading TurboTax software.
  • Phishing Alert from the IRS (02/23/11)
    Random individuals may receive a falsified e-mail claiming to be from the IRS."
  • Phishing Alert from NACHA Electronics Payments Association (02/23/11)
    Random individuals and/or companies may have received a falsified e-mail with the subject title "Rejected ACH Transaction." This e-mail appears to be from NACHA-The Electronic Payments Association telling them that there is a problem with an ACH transaction they have originated. The e-mail includes a link which redirects the individual to a fake web page which appears to be the NACHA website and contains a link which is almost certainly an executable virus with malware.
  • EFTPS notification: your account is blocked (11/09/10)
    Customers are reporting the receipt of a PayChex and TurboTax phishing email.
  • Your Paychex and Tax payment has been rejected phishing email (09/20/10)
    Customers are reporting the receipt of a PayChex and TurboTax phishing email.
  • IRS Phishing Scam (09/10/10)
    The IRS is reporting a new wave of phishing scams.
  • Phishers never rest (09/02/10)
    Just a reminder that phishers never rest and your best protection is awareness.
  • Zeus malware attacking financial institutions (07/12/10)
    A Zeus malware gang is targeting online banking customers of 15 leading US financial institutions by exploiting two trusted credit card security programs.
  • Legitimate TurboTax Privacy Notification Email (06/11/10)
    Every year, TurboTax sends a notice to customers about our marketing practices with regard to customer information.
  • Legitimate QuickBooks Update Email (06/09/10)
    QuickBooks customers received an email about a new update for QuickBooks Pro, Premier, Simple Start 2010 and Enterprise 10.0. This is a legitimate email.
  • Phishing Alert for Intuit Small Business Customers-- security software (05/18/10)
    Intuit is receiving reports of individuals receiving fraudulent emails for Intuit Small Business Customers. The email asks customers to install Intuit Secure Software. Customers should delete this email. As we discover these fraudulent sites (cyber criminals often use the same email repeatedly with some variations, although they change web sites), we take them down.
  • Legitimate Update for QuickBooks Pro, Premier, Simple Start 2010 and Enterprise 10.0 (05/07/10)
    Intuit recently released an update QuickBooks Pro, Premier, Simple Start 2010 and Enterprise 10.0. The text of the email message sent out to QuickBooks customers is shown below.
  • Legitimate email from TurboTax about a Georgia Single Family Residence Tax Credit (03/30/10)
    IMPORTANT UPDATE FOR some TurboTax Customers: Intuit is sending an email to notify our customers about a Georgia Single Family Residence Tax Credit.
  • IRS unveils 2010 list of notorious tax scams-the "Dirty Dozen" (03/23/10)
    IRS has unveiled its latest list of notorious tax scams, which it calls the "Dirty Dozen," highlighted by schemes involving phishing, hiding income offshore and false claims for refunds. IRS warns that these tax schemes are illegal and can lead to problems for both scam artists and taxpayers who risk significant penalties, interest and possible criminal prosecution.
  • Legitimate email from TurboTax about a dependent qualification issue (03/10/10)
    Intuit is sending an email to notify our customers about a dependent qualification and credit issue. We are also reaching out to customers by phone. Given the number of phishing emails worldwide, TurboTax wants to ensure customers know this email is legitimate and that customers who receive the email should follow the instructions given.
  • Phishing Alert for Intuit Small Business Customers-- digital certificate (03/8/10)
    Intuit is receiving reports of individuals receiving fraudulent emails for Intuit Small Business Customers. The email asks customers to download a Digital Certificate. Customers should delete this email. As we discover these fraudulent sites (cyber criminals often use the same email repeatedly with some variations, although they change web sites), we take them down.
  • Phishing Alert for QuickBooks Customers--security plug-in or digital certificate (03/1/10)
    Intuit is receiving reports of individuals receiving fraudulent emails from QuickBooks or QuickBooks Online. The two separate emails ask customers to either download a plug in to assess their security or download a Digital Certificate. Customers should delete either of these emails. As we discover these fraudulent sites (cyber criminals often use the same email repeatedly, although they change web sites), we take them down.
  • Phishing Alert for Intuit Payroll Customers (1/11/10)
    Some customers received an email from "Intuit Online Payroll" about updating security features by clicking a link and signing into their payroll service.
  • Phishing Alert from NACHA Electronics Payments Association (11/12/09)
    Random individuals and/or companies may have received a falsified e-mail with the subject title "Rejected ACH Transaction." This e-mail appears to be from NACHA-The Electronic Payments Association telling them that there is a problem with an ACH transaction they have originated. The e-mail includes a link which redirects the individual to a fake web page which appears to be the NACHA website and contains a link which is almost certainly an executable virus with malware.
  • QuickBooks ActiveX Controls (10/26/09)
    QuickBooks 2009 and older Security Issue Related to ActiveX: We've recently released a fix to address a potential security vulnerability within QuickBooks. The issue was related to the use of ActiveX technology in some versions of QuickBooks. On learning about the issue, we fixed the problem, tested the fixes within the identified versions of the software, and have released updates that will address the vulnerabilities. We are unaware of any customers affected.
  • Fraudulent Emails (9/16/09)
    Intuit's name is being misused in fraudulent emails sent to QuickBooks Online and Intuit Online Payroll users.
  • Fraudulent Job Postings (6/22/09)
    Intuit's name is being misused in a series of fraudulent classified advertisements under various headings, including "Treasury Finance And Payroll."
  • Conficker Worm (3/30/09)
    Conficker is a worm which can exploit systems that are not protected. It is set to "call home" on April 1, 2009. Because of the unknowns associated with this worm, Intuit feels it is vital to update our customers and help them protect their information
  • P2P File Sharing (3/3/09)
    Intuit is committed to helping people protect their personal and financial information and is continuing to advise consumers that using file sharing software can lead to certain, unintended risks, including unknowingly and inadvertently sharing sensitive, personal information.
  • Coreflood Virus (2/16/09)
    Intuit has learned about malicious software called the Coreflood virus. This virus steals log in credentials and other sensitive information.
VeriSign
TRUSTe Certified Privacy Seal