2015.02.06 Phishing Attempt, "TurboTax Update !"

We've received reports of a phishing attempt being received by CalArts accounts that looks as though it's coming from TurboTax.  The message looks pretty convincing, but gets very small details wrong, like the spacing before exclamation marks:


When we strip away the graphics of the site the forgery really becomes clear:


The attackers are spoofing the "from" address to look like it's coming from a real Intuit account.  That's clever because even if you reply to the email the account you're replying to isn't monitored by Intuit.  

What they have done, however, isn't terribly innovative.  A link is hidden behind the Click Here button that leads to a page that looks like a proper Intuit / TurboTax login page.  But when you type in your username and password nothing happens, it just gives them the name and password you've entered!  

If you were to login to your real TurboTax account you have now given the attackers access to your tax documents!


Have more questions? Submit a request


Please sign in to leave a comment.