The NJCCIC’s email security solution observed a new phishing campaign targeting Intuit login credentials. In this campaign, threat actors send an email impersonating accounting software Intuit QuickBooks. While the spoofed email address may appear to come from Intuit at first glance, the domain used in this campaign is intuit[.]net, which is not an official Intuit domain.
Users are prompted to click the link provided to fix a payment record discrepancy. The threat actors use a URL shortener provided by X (t.co) to obfuscate the link’s destination. If clicked, users are redirected to a phishing page designed to appear as the Intuit login page. If credentials are entered, the information is forwarded to threat actors. This campaign may also collect short message service (SMS) multi-factor authentication (MFA) codes.
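The two indicators described above (a sender domain that uses the Intuit name without being an official domain, and a link routed through t.co) can be checked together during mail triage. The following is an added example, not part of the original advisory; the allowlist containing only `intuit.com`, the function names, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OFFICIAL_DOMAINS = {"intuit.com"}   # assumption: maintain your own allowlist
BRAND = "intuit"
SHORTENERS = {"t.co"}               # shortener named in the advisory
URL_HOST = re.compile(r"https?://([^/\s\"'<>:]+)", re.I)

def is_official(domain):
    """True for an allowlisted domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(raw):
    """Return a list of findings for one RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Brand named in the display name or domain, but the domain is not allowlisted.
    if BRAND in (display + domain).lower() and not is_official(domain):
        findings.append(f"brand-lookalike-sender:{domain}")
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            text = payload.decode("utf-8", "replace")
            hosts.update(h.lower() for h in URL_HOST.findall(text))
    # A shortened link hides the destination; exact host match only.
    findings += [f"shortened-link:{h}" for h in sorted(hosts & SHORTENERS)]
    return findings

# Constructed samples (not taken from the campaign).
PHISH = """\
From: "Intuit QuickBooks" <billing@intuit.net>
Subject: Payment record discrepancy

Fix the discrepancy: https://t.co/EXAMPLE
"""
BENIGN = """\
From: "Intuit QuickBooks" <no-reply@intuit.com>
Subject: Your receipt

View it at https://quickbooks.intuit.com/
"""

if __name__ == "__main__":
    print(triage(PHISH))
    print(triage(BENIGN))
```

A shortened link on its own is common in legitimate mail, so the second finding is most useful when it appears alongside the sender finding.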