Recognize Suspicious Email & Websites


On the Internet, "phishing" refers to criminal activity that attempts to fraudulently obtain sensitive information. There are several ways a fraudster will try to obtain sensitive information such as your social security number, driver's license, credit card information, or bank account information, often luring you with a sense of urgency.  Sometimes a fraudster will first send you a benign email (think of this as the bait) to lure you into a conversation and then follow that up with a phishing email.  At other times, the fraudster will just send one phishing email that will direct you to a website requesting you to enter your personal information such as User ID and Password.

Recognizing a fake

Here are some questions to ask if you think you have received a phishing email.  You can use these same questions if you receive a vishing or smishing message:  

  1. Do you know the sender of the email? If yes, continue to be cautious before clicking a link.  If no, do not click any links.
  2. Have you checked the link? Mouse over the link and check the URL.  Does it look legitimate or does it look like it will take you to a different website?
  3. Does the email contain grammatical errors? If so, be suspicious.
  4. Are there any attachments in the email?  If so, do not click on the attachment before contacting the sender to verify its contents.
  5. Does the email request personal information?  If so, do not reply.
  6. If you have a relationship with the company, are they addressing you by name? 


How to validate the email you received came from Intuit and what to do if you think you have received a phishing email: 

To protect your privacy, please do not click any of the links or reply to the malicious email.  When you receive a suspicious email claiming to be from Intuit, please follow these steps:

  1. Sign in to your Intuit account
  2. Access your account's security settings
  3. Find "Account Activity" and select View.  A history of events involving your account will display.
  4. If you find an event marked with an email icon that matches the content, date, and time of the email you are verifying, you'll know the email is from Intuit.  You may also see a ref code that can be matched to the email.
  5. If you don't find a match, forward the email immediately to  We will look into each reported instance.

You can also go to Security Alerts where all known phishing emails targeting the Intuit brand are posted.  If you find a similar email, please delete the email you received as well as remove it from your trash.  There are no further steps necessary; however, if you do not find a similar email, please forward the email to for further investigation.


Our commitment to you:

What we won't do

  1. We will never send you an email with a "software update" or "software download" attachment. When it is time to tell you about an update, we will give you instructions on how to manually update from the product or direct you to enter the website name. Some of our products have an “auto-update” feature, which is the preferred method.
  2. We will never send you an email asking you to send us your login or password information.
  3. We will never ask you for your banking information or credit card information in an email. 
  4. We will never ask you for confidential information about your employees in an email.

What we will do

  1. We will provide you with instructions on how to stay current with your Intuit product, and we will provide you with information on how to securely download an update from your computer.
  2. If we need you to update your account information, we will request that you do so by logging into your account or calling an established (or verifiable) Intuit number.