Recognize suspicious emails and Web sites that can do you harm

On the Internet, "phishing" refers to criminal activity that attempts to fraudulently obtain sensitive information. There are several ways a scam artist will try to obtain sensitive information such as your social security number, driver's license, credit card information, or bank account information. Here is Intuit’s commitment to you, as well as some steps you can take to make sure your data is safe and secure.

Here are 3 common methods that phishers use in their emails:

  1. Spoofed email address. Don't reply to unsolicited email and don't open email attachments. You might be able to spot suspicious addresses by checking for misspellings or oddities, but this isn't foolproof so always be cautious.
  2. Suspicious link. When in doubt, never click on a link in an unsolicited or suspicious email. Scam emails can contain a hidden link to a site that asks you to enter your log on and account information. A clue: if the email threatens you with account closure if you don't log on soon, you could be the target of phishing. You may be able to tell if a link is real by moving your mouse over it and looking at the bottom of your browser to see the hidden Web address - if it looks different than the one you see on the surface do not click on it.
  3. Forged Web site. When you visit a financial site, like your bank or credit card company, type the URL into the browser manually. Use a browser with an anti-phishing plug-in or extension, like FireFox version 3 or higher or Internet Explorer 7 or higher. These browsers warn you about forged, high-risk sites. Phony Web sites mimic real sites by copying company logos, images, and site designs. Malicious webmasters can also use HTML, Flash or Java Script to mask or change a browser address.

Our commitment to you:

What we won't do

  1. We will never send you an email with a "software update" or "software download" attachment. When it is time to tell you about an update, we will give you instructions on how to manually update from the product or direct you to enter the Web site name and do so manually. Some of our products have an “auto-update” feature which is the preferred method.
  2. We will never send you an email asking you to send us your login or password information.
  3. We will never ask you for your banking information or credit card information in an email. We will never ask you for confidential information about your employees in an email.

What we'll do

  1. We will provide you with instructions on how to stay current with your Intuit product, and we will provide you with information on how to securely download an update from your computer.
  2. If we need you to update your account information, we will request that you do so by logging into your account or calling an established (or verifiable) Intuit number.

Here's what you can do to protect yourself from a phishing attack:

  1. If you suspect you have received a phishing email from Intuit, please forward it immediately to spoof@intuit.com. We will look into each reported instance.
  2. Make sure you subscribe to an anti-virus software and keep it up-to-date.
  3. Make sure you have updated your Web browser to one that includes anti-phishing security features, such as Internet Explorer 7 or Firefox version 3 or higher.
  4. Make sure you keep up to date on the latest releases and patches for your operating systems and critical programs. These releases are frequently security related. With some operating systems, you can turn on automatic updates. If you don’t know how to do so, check with your operating system manufacturer.
  5. Do not respond to emails asking for account, password, banking, or credit card information.
  6. Do not open up an attachment that claims to be a software update. We will not send any software updates via email.
  7. Do not respond to text messages or voicemails that ask you to call a number and enter your account number and pin.
  8. Make sure you have strong passwords on your computer and your account and/or payroll file.