The emails claim to be from Intuit (specifically firstname.lastname@example.org) with a subject header that says something like “Urgent update of tax information is requested” or “Tax information required within 30 days.” It may look like this:
In case you can’t make out the text, it says:
Dear Account Holder,
In our continuing effort to guarantee that exact data is being sustained on our systems, as well as to provide you better quality of service; INTUIT INC. has participated in the Internal Revenue Service [IRS] Name and TIN Matching Program.
We have discovered, that your name and/or Taxpayer Identification Number, that is stated on your account does not correspond to the data on file with the Social Security Administration.
In order to check the data on your account, please click here.
Corporate Headquarters2632 Marine WayMountain View, CA 94043
There are a few variations on this theme but largely, the gist is that they want you to confirm your tax identification number. Don’t. Don’t click on any links and don’t give out your personal information. The link likely contains a virus that could infect your computer or direct you to a site in order to steal your identity or otherwise access your financial information.
The emails that came my way were from an address in Poland marked as “an abusable web server” by my spam filter. The address was also flagged by Barracuda Reputation System (a real-time database of IP addresses) as having a “poor” reputation and is listed on the Barracuda Reputation Block List, a free DNSBL of IP addresses known to send spam.
If you get one of these, best to delete it. If you’re not sure, you can forward any suspicious emails purporting to be from Intuit to the company directly via email@example.com.
(Author’s update: I contacted the folks at Intuit who advised that you can find out more about these scams through their corporate security web site, security.intuit.com. Additionally, you can read more about a similar scam in January scam here.)