Questions about account breach

B_step · ‎December 19, 2022

A client of mine received a fraudulent voicemail from someone pretending to be Quickbooks saying they needed to renew their subscription. They spoofed what I believe is a legitimate QB number, [Removed] but requested a call back at [Removed].

Unfortunately, my client called them back and spoke to them. She didn't give them any passwords or payment information but did give them MFA passcodes that they had sent to her email and phone. Nothing further was done, they hung up the call after they got that information.

We of course had her reset her Intuit passwords but I'm trying to help her identify and look for any changes that could have been made. Since they just wanted the passcodes, we assume they gained access to her Intuit account but can't find any changes they would have made.

There are no new users added to the account, no change in payment information and we don't see any strange activity in the audit log of QBO.

She also has Lacerte and QBD but I can't see how they would have accessed those apps without access to her PC or their network, which I don't see any signs of.

Is there anything else we should be on the lookout for? She also didn't get any suspicious emails or texts confirming that anything had been changed.

Thank you.

Just_me · ‎December 19, 2022

Know and teach that Intuit/ QB will never call you for payment, credit card numbers or anything, unless you request it.

JamesAndrewM · ‎December 19, 2022

I commend you for reaching out here in the Community, @B_step.

You may want to navigate your company information to check for any changes done to your account. Here's how:

1. Go to Account and settings.

2. On the Company tab, scroll down to the bottom part and select Marketing Preferences.

3. You'll be routed to Intuit Account Overview, you can start checking for any possible changes from there.

Here, I'll tip you on how to identify official Intuit emails. Scammers send out emails to trick users into sharing personal information or download malware-infected attachments to gain unauthorized access to data sources. They also appear and claim to be associated with Intuit.

Also, if you receive any suspicious emails purporting to be from Intuit, please report them. Go to our Online Security Center to report the incident.

Here's how:

Go to this link: https://security.intuit.com/contact-us.
Look for Report technical support scams.
Click Report tech support scams.

To report strange calls, emails, or fraudulent activities, please email us at spoof@intuit.com. In addition, check out Intuit's article on email communication: Official email communication from Intuit Payments.

In addition, I recommend that you read this article to learn how to identify official Intuit correspondence and websites: Identify suspicious activity, phishing scams, and potential fraud.

If you have any further concerns, don't hesitate to post them here. Have a great day!

Fiat Lux - ASIA · ‎December 19, 2022

@B_step

Make sure your client didn't click anything in the email. Otherwise, they should consider to reinstall their computer from scratch.

Topics

Training

Community

Resources

Questions about account breach