14 DAY TRIAL // News about the FBI investigating filing of fraudulent tax returns through Intuit’s TurboTax software did not pass unnoticed by cybercriminals, who have deployed a phishing campaign for harvesting personal and financial information.
The emails claim to be from Intuit and have various themes, from notifying of a bogus security check or of a fake tax return status to informing that the account with the service has been locked due to a larger period of inactivity.
Company sees increase of phishing emails
TurboTax is a tax preparation application that allows residents in the US to file their taxes in an easy way, including automatic calculation costs, deductions for refunds or income and expense during a year’s time.
The application has a free version, and hundreds of thousands of users rely on it for filing their taxes, which makes for a huge audience cybercriminals could exploit.
Intuit’s security alert page has grown lately with new examples of phishing, no less than ten alerts having been issued since the beginning of the week. Most of them have spoofed sender addresses and some contain TurboTax graphics to increase the confidence level of the recipient.
In all versions of the fraudulent emails received by Intuit, there is a link the potential victim has to access to log in to their account and solve the problem described in the message.
TurboTax accounts hold info crooks can use for identity theft
The URL loaded displays a fake log-in page that mimics the legitimate one, and all the information entered in the provided fields goes straight to the crooks.
The end goal of the crooks is to hijack the TurboTax account and to steal any personal information they find. Addresses, names and social security numbers can be used for identity theft operations, allowing the fraudster to apply and obtain credit from financial institutions in the name of the victim.
After logging into the fake web page, a form asking for personal and financial information may be displayed. A victim reaching this stage may be completely unaware of the scam since the page appears to be legit and the authentication process completes without a glitch.
Checking the URL in the browser's address bar to see if it matches a domain related to Intuit is one way to discover the fraud attempt.
Also, since log-in pages send sensitive information over the web, the connection is encrypted and the HTTPS (HTTP Secure) protocol is used. If the connection is not secure, chances are the page is part of a malicious operation.
