Online security tips

Our experts put together these tips to help you keep your information safe as you live your life online.

  • Fake emails are designed to look like the real thing so that you'll share your information with them thinking you’re interacting with a company you're familiar with. If you get an email you’re not sure about, ask yourself these questions before you do anything.

    • Do you know who sent the email?

      Even if you know the sender, you should still be careful before clicking any links or opening any attachments. If you don't know who sent the email, don’t click any links.

      If you know the sender, you can call them directly to see if they sent the message you’re not sure about.

    • Does the link look right?

      Mouse over the link to see where the URL goes. Click the link only if it takes you to a legitimate website.

    • Do you see grammatical errors?

      Scam emails often have grammatical errors.

    • Does the email include an attachment?

      Only open attachments after the sender confirms it's real.

    • Does the email ask for personal information?

      Never give out your personal information in an email.

    • Does the email use your first name?

      If you have a relationship with the company, real emails from them will probably address you by your first name.

  • Scammers sometimes pretend to be real companies, including Intuit and send customers emails that look similar to ours. Follow these steps to check if an email you got from Intuit about your account is real.

    1. Sign in to your Intuit Account and go to "Sign In & Security."
    2. Find “Account Activity” and choose “View.” You should see a list of events for your account.
    3. If you find an event with an email icon matching the content, date, and time of the email you’re not sure about, you’ll know the email is from Intuit. You may also see a reference code you can match to the email.

    This list includes emails we've sent you about your Intuit Account (notifications about signing in from a new device, password updates, etc.). It won’t include marketing emails, or emails from companies we work with for marketing and customer support.

    What we’ll never email you about

    • We won’t ask for your sign-in or password information.
    • We won’t ask for your bank or credit card information.
    • We won’t ask you for confidential information about your employees.
    • We won’t send you a software update or download as an attachment. When it’s time for an update, we’ll let you know how to update the product yourself. Some of our products automatically update.

    What we will email you about

    • We’ll send you instructions for updating your Intuit offering. We’ll let you know how to safely download the update.
    • We’ll ask you to sign in to your Intuit Account if we need you to update your account information.
    • We might also ask you to call us.
    • Companies we work with might also email you on our behalf for customer service, marketing, or to provide you related products or services.

    Check out our security notices for up-to-date information on email scams that target Intuit customers. You can search for the subject line of the email you received to see if other customers have reported that email to us. Go to security notices

  • Scammers may pretend to offer tech support for a nonexistent problem with your computer. They're really after your money or information. Knowing how to tell real customer support from a scam can help you avoid falling for this type of fraud.

    How customer support scams work

    These scams work by convincing you there’s a problem with your computer — a problem you need tech support to fix. You might see a pop-up on your computer telling you to call a toll-free support number. The pop-ups look real, but they’re not. Fraudsters use company logos to gain your trust.

    Instead of a pop-up, you might get a phone call from someone who says they detected a virus on your computer. Either way, don't talk to them. We don't use pop-ups to let you know about problems with your computer. We might call you, but not about an issue with your computer.

    Usually these scams work by tricking you into paying for fake tech support services. You likely don't need these services, and they probably won’t do what they say anyway. Sometimes these scams work by convincing you to allow a scammer remote access to your computer. That way, they gain access to sensitive information you have on your computer. They might even threaten to delete or hold your data for ransom if you don't pay them.

    Tips on avoiding customer support scams

    • Ignore phone numbers you see in a pop-up.
    • Find a legitimate contact number on the company’s website.
    • Connect via online chat, if it's available.
    • Hang up if you get a customer support call you aren't expecting, and call back using a number you can verify.
    • Give remote access to your computer only if you're sure the support is legitimate.

    What can you expect from Intuit

    • We will never use pop-ups telling you to call us.
    • We might call you about your Intuit Account, but not about fixing your computer.
  • Online scams aren't all the same. They might have funny names, but being a victim of one of these scams is no joke.


    Phishing is an internet scam designed to get sensitive information, like your Social Security number, driver’s license, or credit card number.

    Not all phishing scams work the same way. Sometimes they try to create a false sense of urgency to get you to respond. Other times they send you an email that seems harmless, and then send you an email asking for your information. They might also try to get you to visit a website that asks you for your username and password. You should only enter your username and password if you’re confident the website is legitimate.


    Pharming is a computer scam that redirects clicks you make on a website to a fraudulent site without you knowing.

    This scam only works when a fraudster is able to install code on your computer. They usually trick people into installing the code, so you might not know it's there. Following basic security tips will make it harder for anyone to deliver bad code to your computer.

    Be extra careful when you enter financial information on a website. To be sure the site is safe, make sure you see an "s" in the "https" part of the address. Look for a lock symbol in your browser's address bar. If the site looks different than the last time you were there, don't click any links until you're sure the site is secure. Pay attention to the domain, too (like the "Intuit" in Don’t trust the website if it doesn’t look right.


    Vishing is a phone scam that works by tricking you into sharing information over the phone.

    Fraudsters then can use your information to steal your identity, get access to your financial accounts, or open new accounts you don’t know about. This scam uses social engineering to get information out of you, but there are ways you can help protect yourself.

    If you get a call, or an email asking you to call them, look up their customer service number and call that number. Don’t call the number they give you over the phone or in the email if you're not sure it’s legitimate. Forward the email you got to the legitimate company’s customer service or security email address and ask if it's real.


    Smishing is a text message scam designed to get information from you.

    The text messages have a URL or a phone number. Smishing scams usually try to get you to respond right away. The phone number often goes to an automated voice system. A lot of smishing messages come from a "5000" number. That's a hint that the message might have come over email, not another phone. If you get a message you think might be a smishing scam, don't reply.

  • Keeping an eye on your credit report is a great way to help ensure your information is safe. If you think you might be a victim of identity theft, you'll want to contact a credit reporting agency right away.

    Credit monitoring services

    These services are a great way to help protect yourself from identity theft. You can get notifications about your credit report. There are different credit monitoring services out there, so you should make sure to choose the right one for you. You'll want to know exactly what they're monitoring. Do they notify you when someone requests credit information about you? What about if your credit report changes or a new account is opened in your name?

    Remember, using a credit monitoring service won't necessarily prevent identity theft, but it can be helpful. Keeping an eye on your credit can help you spot identity theft early. One of the best things you can do to help prevent identity theft is to be careful about the information you share.

    Freeze your credit report

    You can make it harder for fraudsters to steal your identity by freezing your credit report. When you freeze your credit, no one can access it until you're ready to. You can freeze your credit by sending a written request to the credit reporting agencies (Equifax, Experian, and TransUnion). They can help you get access to your credit when you need to. There may be fees associated with freezing your credit. Check the credit reporting agencies' websites for more information.

    Credit rating organizations


    Report Fraud:


    Order a credit report


    P.O. Box 740241

    Atlanta, GA 30374-0241


    Report Fraud:


    Order a credit report


    P.O. Box 1017

    Allen, TX 75013-0949


    Report Fraud:


    Order a Credit Report


    Fraud Victim Assistance Department

    P.O. Box 6790

    Fullerton, CA 92834

  • It's not always easy to know if a company is legitimate, but there are ways to know what to look for to avoid fake companies or scam websites.

    Know who to trust

    One of the best ways to protect yourself from fraud is to know who you’re doing business with. Lots of websites look professional and safe, but really aren’t. Knowing what to look for can help you tell the difference between scams and sites you can trust. The Better Business Bureau also has information about online fraud.

    What to look out for

    • Take your time if you’re thinking about buying something. Pressure to buy right away is a bad sign.
    • Getting emails asking for your personal information is suspicious. Only share your information when you’re sure it’s safe.
    • If you get a customer support call you're not expecting, make sure the caller is who they say they are.

    What you can do

    • If you're not sure about a company, check with the Better Business Bureau to see if it's legitimate.
    • If you're not sure about a website, check their privacy policy. Make sure you’re comfortable with what it says.
    • If you aren't sure about an email you got from someone you do business with, get their phone number from their website so you know it's legitimate and call them directly to see if the email is real.
    • Search their phone number online to see if suspicious search results or complaint sites appear.
    • If you’re making a purchase, check return policies before you buy.
    • If you need a password to log in, use a different password for every site.
    • If you share credit card information, look for the "s" in the "https" part of the URL. Keep an eye on the URL to be sure you’re still on the right website.

    Tips from the Better Business Bureau

    To help you shop safely online, use these common sense tips:

    • Looking professional isn’t enough to guarantee a website is safe.
    • Get to know the company or seller before you buy.
    • Find out where the company is located to avoid offshore scams.
    • Give your bank information, credit card number, or personal information only when you’re sure the company is real.
    • Pay with a credit card to be protected under the Fair Credit Billing Act.
    • Start with a small purchase to see how the company handles your order.
    • Use a secure browser that encrypts your information.

    Visit the Better Business Bureau online to learn more

  • You can make it harder for fraudsters to take advantage of your information with some safety basics. From password recommendations to keeping your computer updated, learn what you can do to stay safe online.

    Password tips

    It's important to keep your password secret, but that’s not all you can do to help protect yourself. Use these tips to help keep your online accounts as secure as possible.

    • Use different passwords for all your online accounts, especially the email account on your Intuit Account. Reusing the same password makes it easier for someone to access your accounts if a site you use is hacked.
    • Avoid using people's names, special dates, or complete words. They’re easy to guess and don't make strong passwords.
    • Use syllables or acronyms. One option is to start with the first letters of a familiar phrase. For example, "Mary had a little lamb" becomes "Mhall," which could be part of a secure password.
    • Mix up uppercase and lowercase letters, numbers, and special characters like &^%$.
    • Change your password often, especially for financial and email accounts.
    • Keep your passwords safe, where no one else can find them. Consider using a password manager — a program for storing passwords.

    Username tips

    Your username and password work together to help keep your accounts secure. Here are some tips for choosing a good username.

    • Pick a simple name you can remember.
    • Create a name you don’t need to keep secret. Your Social Security number is too sensitive.
    • Decide if you want to be anonymous. Some sites show your name next to your public posts.
    • Keep in mind, you might not be able to change your name later.

    Other things to think about

    Following basic safety tips can help you keep your information safe.

    • Protect your computer with anti-virus software. Set it to update and scan your system automatically.
    • Keep your browser up to date. Install updates when they’re available. They usually include security updates.
    • Contact your bank and any other financial institutions you use if you’re a victim of identity theft. You should also reach out to the credit reporting agencies.