Avoid Phishing Scams and Spoofed Sites
On the Internet, "phishing" refers to criminal activity that attempts to fraudulently obtain sensitive information, according to Wikipedia.org.
There are several ways a scam artist will try to obtain your Social Security number, driver's license, credit card or bank account number.
Here's how to avoid getting caught in the Net.
- Spoofed email address. It's easy to fake a From or ReplyTo address, either manually or with spam software, so never assume an email is real by looking at its header. You might be able to spot fake addresses by checking for domain name misspellings, but this isn't foolproof. Best bet? Don't reply to unsolicited email and don't open email attachments. By the way, some email service providers combat the problem of spoofed addresses by using authentication techniques to verify a sender's integrity.
- Fake link. Scam emails can contain a hidden link to a site that asks you to enter your log on and account information. A clue: if the email threatens you with account closure if you don't log on soon, you could be the target of phishing. You may be able to tell if a link is real by moving your mouse over and looking at the bottom of your browser to see the hidden Web address -- it will look different than the one you see on the surface. When in doubt, never click on a link in an unsolicited or suspicious email.
- Forged Website. Phony Web sites mimic real sites by copying company logos, images and site designs. Malicious Webmasters can also use HTML, flash or Java Script to mask or change a browser address. If you visit a financial site, like your bank or credit card company, enter its known address into the browser location field manually. Use a browser with an anti-phishing plug-in or extension.
Note: You can help, if you suspect you have received a phishing email from someone impersonating Intuit, please forward it immediately (with the email headers intact, if possible) to spoof@intuit.com. We will look into each reported instance.
Recognizing fake emails
What we won't do
- We will never send you an email with a "software update" or "software download" attachment. When it is time to tell you about an update, we will give you instructions on how to manually update from the product or direct you to enter the Web site name and do so manually. Some of our products have an “auto-update” feature which is the preferred method.
- We will never send you an email asking you to send us your login or password information.
- We will never ask you for your banking information or credit card information in an email. We will never ask you for confidential information about your employees in an email.
What we will do
- We will provide you with instructions on how to stay current with your Intuit product, and we will provide you with information on how to securely download an update from your computer.
- If we need you to update your account information, we will request that you do so by logging into your account or calling an established (or verifiable) Intuit number.
Important: Not sure if it's really TurboTax behind that email? We can help. For the latest info on known phishing scams and how to report fraudulent emails, visit our Online Security Center.
Helpful Links
- Security at Intuit - Read security tips and external security resources, report phishing and contact Intuit Security
