Filing your taxes late is risky enough, but now cybercriminals have made doing so even more dangerous thanks to a new tax scam making the rounds online.
Cybercriminals, hackers and other scammers often impersonate big brands in their attacks, and now, according to a new blog post from Malwarebytes, they’re abusing Google to target Intuit QuickBooks users.
Falling victim to this online scam doesn’t just mean that your taxes won’t arrive in time to the IRS, as the hackers behind it are stealing victims’ Intuit account credentials. With your username and password in hand, they can log in to and access your TurboTax, QuickBooks and Mailchimp accounts, which can be especially detrimental to small business owners and others who are self-employed.
Here’s everything you need to know about this new QuickBooks phishing scam and how to avoid falling victim to it.
From fake ads to phishing scam
Just like other recent phishing scams, this one uses malicious ads to target unsuspecting users.
When you search for QuickBooks on Google, an ad impersonating Intuit’s branding for “QuickBooks Online” can appear as the first search result. However, instead of taking you to the official QuickBooks website, clicking on it leads to a phishing site.
This fake site may not have the correct URL, but the hackers behind it have done their homework, as it perfectly mimics Intuit’s actual login page. By entering your username and password, you’re giving your sensitive login credentials directly to the hackers behind this scam.
One thing that sets this fake page apart from other less capable ones is that it shows a real two-factor authentication prompt. This is because it uses a man-in-the-middle technique that’s becoming increasingly common in the phishing kits bought by cybercriminals on the dark web to use in their attacks.
As a result, the hackers behind this scam are able to get a victim’s one-time passcode and use it to login to their actual Intuit account before the code arrives via text or email. Once they’ve taken over an Intuit account, they can then change its password and the victim now no longer has any control whatsoever over their account.
An easy scam to spot (and avoid)
Let’s face it, tax season is a stressful time for everyone in the U.S. and hackers are well aware of this, which is why they use it as a lure in their attacks. The same thing happens every year during Black Friday but since filing your taxes requires a lot more personal and financial data than holiday shopping, falling for a tax scam can be significantly worse.
In this case, carefully inspecting the phishing site’s URL is the easiest way to know something is off. Not only is it different from QuickBooks’ official website (https://quickbooks.intuit[.]com), but the product’s name isn’t even correct.
While the phishing site discovered by Malwarebytes was hosted at "quicckboorks-accounting[.]com/home," keep in mind that hackers have access to loads of different domains to use in their attacks. This way, when one is discovered and shut down, they can then quickly swap it out with another.
If you’ve been reading my stories for the past three years, you would know that falling victim to this scam is entirely avoidable with one simple trick. Now that hackers have weaponized Google Ads, you want to avoid clicking on ads in search results completely. Instead of clicking on the first result after searching for a product online, scroll down a bit and look for a company’s actual page before you click on anything.
I’m sure Google is already working on ways to prevent hackers and other cybercriminals from buying ad space in order to lead potential victims to phishing sites, but until this problem is squashed for good, you’re going to want to avoid clicking on any ads at all. If you do see a good deal on something you’re interested in or just want to learn more about a particular product or service, just search for it instead. However, make sure that you scroll down the page a bit to avoid any ads when doing so.
How to stay safe from tax scams
While the tips above can help you avoid falling victim to this particular scam, the guidance applies to a multitude of scams I’ve covered during the past few years. Since anyone can buy ad space online, so too can hackers.
If we were dealing with malware or a virus, I’d recommend signing up for and installing the best antivirus software on all of your devices. Since this is a phishing scam though, you’re better off investing in one of the best identity theft protection services.
While antivirus software can stop an infection before it starts, identity theft protection can help you deal with the fallout from a scam or an attack after the fact. These services not only help you get your identity back but they also include identity theft insurance to cover any funds lost to fraud and to pay for any legal expenses.
Tax season is stressful enough, so you’re going to want to prepare accordingly and start the process early. However, you’re also going to want to be extra careful online during this time because tax scams have become as certain as taxes themselves.
More from Tom's Guide
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
