Gone Phishing: TurboTax Alerts Customers to Stay Alert Following Epsilon Email Hack


You probably already know to never confirm your Social Security number or bank account details by email or over the phone, but there’s something about tax-time jitters that can make even the most level-headed adult lose their cool.

But don’t fall prey to a cyber-crook claiming to be with the IRS – the truth is, the IRS never contacts anyone by email and rarely contacts people by phone.

That’s one of the reasons Intuit, which markets the popular TurboTax software, has warned customers to be vigilant about potential identity theft scams.

This warning follows the massive data breach at online marketer Epsilon, in which millions of customer names and emails were exposed. Verizon, Chase, Best Buy, Tivo, Citibank, Capital One, American Express, and Walgreens, just to name some of the 50+ victimized companies, have been sending out mea culpa warning emails since the breach was announced.

Despite Intuit not being one of the companies affected by the Epsilon data breach, the software company didn’t waste any time alerting users to take steps to be even more cautious as Tax Day looms.

That’s because even though “only” names and emails were exposed, hackers can use that data for phishing and malware distribution. This could come in the form of an attachment or link in an email; if you are unsure about an email, delete it — do not forward it or reply.

Intuit Safety Tips

According to Intuit, here is what you can do to protect yourself from a phishing attack:

  • If you suspect you have received a phishing email from Intuit, forward it immediately to spoof@intuit.com.
  • Subscribe to an antivirus software and keep it up-to-date.
  • Make sure you have updated your web browser to one that includes anti-phishing security features, such as Internet Explorer 7 or Firefox version 3 or higher.
  • Keep up to date on the latest releases and patches for your operating systems and critical programs. These releases are frequently security related.
  • Do not respond to emails asking for account, password, banking, or credit card information.
  • Do not open up an attachment that claims to be a software update – Intuit does not send any software updates via email.
  • Make sure you have passwords on your computer and your payroll files.

In addition, here are three common methods that phishers use in their emails:

  • Spoofed email address. Don’t reply to unsolicited email and don’t open email attachments.
  • Fake link. When in doubt, never click on a link in an unsolicited or suspicious email. Scam emails can contain a hidden link to a site that asks you to enter your log on and account information.
  • Forged website. If you must visit a financial site, like your bank or credit card company, enter its known address into the browser location field manually. Use a browser with an anti-phishing plug-in or extension, like Firefox version 3 or higher or Internet Explorer 7.

Credit Safety

What will you do to ensure you haven’t been a tax-time identity theft victim? It certainly wouldn’t hurt to check your credit report in the next few weeks to confirm that no suspicious activity has happened recently.

Have you ever gotten a spoof IRS email? How did you handle it?

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Elaine Rigoli

Elaine Rigoli is PRIVATE WiFi's manager of digital content strategy.