How to help protect your business and data from fraud

Data security and fraud prevention are two of the biggest challenges facing small business owners today.

When scammers gain access to sensitive personal information, such as customer data, log-in credentials, and account information, the results can be disastrous.

Scammers can steal your credit card information, PINs, and security codes to make unlawful transactions. A data breach at your small business might also lead to Social Security number theft, identity theft, tax ID theft, data mining, and even loss of control over your accounts.

While some might think large companies are the only ones at risk for a data breach, small businesses are often affected as well. In fact, according to the Association of Certified Fraud Examiners, when it comes to fraud and loss, small businesses lose almost twice as much money per year compared to larger companies.

Data protection is a complicated responsibility for small business owners who often have limited resources to implement fraud prevention controls. However, busy owners do not always need complicated analytics to understand fraud risk factors and to take steps, such as fraud detection, to protect their business.

Intuit’s tips: How to avoid a scam

At Intuit®, we value your data security and want to help keep your sensitive information protected. With cybersecurity threats on the rise, we have put together these tips for Intuit customers.

For more information, Intuit publishes security alerts and resources, and you can find all posted alerts online.

Bad actors may attempt to lure victims by:

• Displaying unauthorized sponsored ads claiming to be “QUICKBOOKS SUPPORT.”
• Sending unauthorized emails and invoices impersonating QuickBooks®, requesting payment of a non-existent invoice.
• Cold-calling small businesses falsely claiming to be “QuickBooks” or “Intuit,” and claiming that the small business requires an unnecessary update or they need to pay an overdue invoice.

How to reach QuickBooks Official Support:

• If you need assistance with your QuickBooks Online software, access help through your product and avoid using search engines, such as Google or Bing, to search for support phone numbers. Here is a link to your in-product support.
• If you need assistance with your QuickBooks Desktop software, access help through your product by going to the help menu and selecting “Contact Us.”
• You may also go to our help page for more information: QuickBooks Official Contact Us Page.

Here are steps to help protect yourself from fraudulent emails:

Always be suspicious of an email that asks for personal information, requires you to download anything, requests your authentication information to access your online account, or asks for payment when you have already paid for your service or subscription.

What to review in a suspicious email:

• Check the “From” address to see if it has a legitimate Intuit email address.
• Check the email domain (what appears after the @) and see if it is a real Intuit website.
• If there is a phone number, search the phone number on the internet to see if it really is associated with Intuit. If suspicious sites appear in the search results, delete the email.
• Mouse over (DO NOT CLICK) on any links within the body of the email to review for suspicious links. If the link is not associated with Intuit or a trusted Intuit partner, do not click any links.
• Do not download any tools.

You will find more information about protecting yourself from phishing schemes on the Federal Trade Commission website.

Here are steps to help protect yourself from fraudulent phone calls:

Always be suspicious of phone calls if you don’t know the phone number on the caller ID. Be suspicious if a caller immediately asks for sensitive personal information or claims you owe money for something for which you have already paid.

If a caller phones you and claims to be from Intuit or QuickBooks, question whether you were expecting a call from QuickBooks. You may also choose to hang up and call an Intuit phone number you can find on an Intuit website and request to be transferred to the caller or department. Access our QuickBooks Official Contact Us help for more information.

Be wary if a caller is contacting you about a promotion or upgrade to your Intuit account. Scammers may entice you to give them your account information by suggesting you have won or earned something unexpectedly, or that they have “detected” an issue with your subscription.

Push back on callers who talk fast in order to get you to agree to new charges or payment method. High pressure tactics, such as fast talking and quick closing, are often used to force you into a bad decision.

QuickBooks never uses auto-calling or robo-calling to contact you. If you receive a robocall claiming to be from QuickBooks or Intuit, please report it as a potential scam.

Access more information about phone scams to educate yourself and your staff.

Tips on what to do if you came in contact with a scammer impersonating Intuit:

1. Report the encounter to Intuit at spoof@intuit.com.
2. If you paid the scammer, call your credit card or bank, and reverse the charges as quickly as possible. You may also want to cancel the credit card or change your account number.
3. If you or the scammer downloaded anything on your computer, including a remote access tool, be sure to uninstall and delete them.

Some downloads may contain malware, which will require you to take stronger measures to disinfect your system. You may want to seek help from a consultant or a systems repair firm.

1. Scan your system using an anti-virus program from a respected security vendor, such as Trend Micro, McAfee, Symantec, or Microsoft, to remove any viruses that may infect your computer. Several of these vendors also offer free online security tools.
2. Change your password(s), particularly those involving financial information, your QuickBooks login credentials, bank account logins, credit cards, and even your email accounts.
3. Review your QuickBooks Account:

• Make sure all contacts/users on your QuickBooks account are up to date, including accountant users.
• Confirm the Master Administrator on the account is accurate.
• Confirm all your billing information is correct.

1. Be mindful of any unusual activity on your computer, as well as your bank and credit card accounts.

We also recommend that you report any suspicious activity to the appropriate government agency in your country:

• In the United States, use the FTC Complaint Assistant form, or the FBI’s Internet Crime Complaint Center.
• In Canada, the Canadian Anti-Fraud Centre can provide support.
• In the United Kingdom, you can report fraud, as well as unsolicited calls.
• In Australia, you can use the ScamWatch website to report a scam.