Email Security Blog

Fresh Phish: Intuit TurboTax Scams Are Back!

It is said that that the only things in life that are guaranteed are death and taxes, and with the end of year hurtling towards us, tax season is underway. I can barely remember when my birthday is, but April 15th is a date that never slips any of our minds. The phishing attack we’re sharing today is a clever attempt at domain spoofing, and plays off the victim’s anxieties by amping up the fear that their TurboTax account has been compromised.

The personal information collected through TurboTax, and ultimately sent to the IRS is highly sensitive information. Our name, address, and social security number are displayed prominently, often in triplicate. That’s what makes this particular phishing attempt especially crafty.

Fortunately for this customer, INKY flagged this attempt to attempt to steal their personal information, and the customer sent it to us to investigate further.

What does a domain spoofing email look like?

This is what the email looked like when it they opened it:


What happens if I click on a link in a scam email?


Well, in this case you are immediately presented with a spoofed website that looks for all intents and purposes like a QuickBooks log on screen:


The cybercriminal has even included Norton Secured and Trustee icons at the bottom right of the page and a helpful link to Intuit's actual privacy policy and licensing agreement to make it all seem more legitimate. These are the things that make this a clever phishing attempt, that actually hook even some of the most trained and tech-savvy employees in your organization!

How did INKY catch this fraudulent email?

INKY utilized its computer vision, AI, and Machine Learning algorithms to evaluate and assess the brand iconography, and immediately established that while the branding might look legitimate, the URL it came from was highly suspicious.

Adding Anti-Phishing Protection to Augment Existing Security Training

You might argue that in a desktop application a trained user might spot this discrepancy, but then you are relying on several things:

  1. Have they been trained for this particular phishing attempt?
  2. Do they have an innate knowledge of QuickBooks or Intuit URLs stored in their memory?
  3. Are they receiving emails on a desktop computer only, and not checking emails on their phone?

When a phishing email is received on a mobile device more often than not the header information is presented to the user making even the most well-trained, eagle-eyed employee a potential victim…

How can INKY help Protect Your Business from Phishing Attacks?

INKY provides a unified alert mechanism across all platforms, the brand impersonation banner than you see is uniform across desktop and mobile email applications providing the user with complete coverage regardless of where they hooked the phish.


Subscribe to our blog for our next catch of day, and remember, next time we meet INKY will have learned all kinds of new tricks.


Schedule a demo today to see how you can protect your business from getting hooked by these types of phishing attempts.


Request Demo