"Phishing" means to trick someone for the purpose of stealing their information. The bait the "phisher" uses to reel you in is forged email, websites, or hyperlinks that look like the real thing. They'll ask for your Social Security number, driver's license, credit card, or bank account numbers.
Here's how to avoid getting caught.
- Spoofed email address. It's easy to fake a From or ReplyTo address, either manually or with spam software, so never assume an email is real by looking at its header. You might be able to spot fake addresses by checking for domain name misspellings (like gogole.com, instead of google.com), but this isn't foolproof. Best bet? Don't reply to suspicious emails and don't open email attachments. By the way, some email service providers combat the problem of spoofed addresses by using authentication techniques to verify a sender's integrity.
- Fake link. Scam emails can contain a hidden link to a site that asks you to enter your log on and account information. A clue: if the email threatens you with account closure if you don't log on soon, you could be the target of phishing. You may be able to tell if a link is real by moving your mouse over and looking at the bottom of your browser to see the hidden web address -- it will look different than the one you see on the surface. When in doubt, never click on a link in a suspicious email.
Note: You can help, if you suspect you have received a phishing email from someone impersonating Intuit, please forward it immediately (with the email headers intact, if possible) to firstname.lastname@example.org. We will look into each reported instance.
There are also sites out there that offer technical support for TurboTax or other Intuit products. While many of these sites are legitimate operations, they are not endorsed by, licensed by, or otherwise affiliated with Intuit or TurboTax. We cannot and do not guarantee their services or accuracy. The best and only way to reach official TurboTax support is through TurboTax.com and our Contact Us page.
What we won't do
- We will never send you an email with a "software update" or "software download" attachment. When it is time to tell you about an update, we will give you instructions on how to manually update from the product or direct you to enter the Web site name and do so manually. Some of our products have an “auto-update” feature which is the preferred method.
- We will never send you an email asking you to send us your login or password information.
- We will never ask you for your banking information or credit card information in an email. We will never ask you for private information about your employees in an email.
What we will do
- We will provide you with instructions on how to stay current with your Intuit product, and we will provide you with information on how to securely download an update from your computer.
- If we need you to update your account information, we will request that you do so by logging into your account or calling an official Intuit number.
Important: Not sure if it's really TurboTax behind that email? We can help. For the latest info on known phishing scams and how to report suspicious emails, visit our Online Security Center.
Q: If I think an e-mail is suspicious, what should I do? A: Send any suspicious e-mails to email@example.com.
Q: Where can I look for information about suspicious e-mails to find out if they are real? A: You can check the Intuit Online Security website to review any known phishing e-mails or details about other security issues.
Q: How secure is my personal information using your online services? A: The privacy and security of our customers' data is of the highest importance to us and we consider it key to maintaining customers’ trust. We employ industry-recognized security safeguards to help protect the private information you provide us from loss or misuse.
Q: Does Intuit sell or share their customer lists? A: Intuit does not rent, sell or share our customers’ personal information with anyone outside of Intuit for their promotional use.
Q: Why am I getting a password reset e-mail for somebody else? A: At Intuit, we allow customers to create Member IDs for many of our services. If a customer forgets his/her password, we will only allow the change to be authorized by the e-mail address on record. If it appears that someone entered your e-mail address in error, it's mostly likely by accident, in an attempt to reset their password. As a result, you received the e-mail, which is how the process is supposed to work. This is one of the ways we stop unauthorized access to users' accounts. The other user most likely has an e-mail address similar to yours or hit a key incorrectly when trying to get his/her password reset. You can also receive email from Intuit if an e-mail address is shared or used by others in your household.
Q: Why was I told that you cannot delete my e-mail address from your database? A: Unfortunately, for record-keeping and legal purposes, we cannot delete e-mail addresses. We can, however, block your e-mail address, so you no longer receive promotional communications from us. We respect your choice not to be contacted for promotional reasons such as marketing. However, sometimes it is necessary to inform our customers about critical matters that could affect the use of their software, service or subscription. Due to the financial nature of our products, customers cannot opt out of receiving these critical service notifications. We take care to limit these notices only to customers affected by the issue.
Q: Where can I go to opt out of receiving marketing e-mails? A: Customers can manage their contact options by visiting us at Privacy Preferences.
Q: I opted out of marketing contacts from Intuit, why am I still getting e-mails? A: Your choice to opt-out only applies to promotional materials and not critical service notifications that could affect your service or software. Intuit respects your desire to not be contacted. We notify our customers about "critical service notices" because it may be necessary to contact customers to notify them about a subscription expiration, provide order information such as confirmations, or alert them to an issue with a service or software that could negatively affect their continued use. Due to the financial nature of our products, customers cannot opt out of receiving these critical service notifications. We take care to limit these notices only to customers affected by the issue. Also, please note that if you have more than one email address, you can opt out of one and not the other(s).
Q: Why do you require me to provide my information when I go to opt out? A: Intuit places the highest value on customer privacy. To verify that we are correctly honoring your contact preferences, we must verify your contact information so that we can correctly match and update the appropriate customer account in our database. After locating and updating your record, we will flag it so that it will not be included in future marketing lists as indicated in your request.
Q: Who oversees Intuit’s privacy policies to assure they meet certain standards? A: To give you confidence in our privacy practices, we have obtained the TRUSTe Seal. TRUSTe reviews designated Intuit Web sites and evaluates our privacy practices. For more information about the TRUSTe Seal, visit http://www.truste.com
Q: Who can I contact if I have security questions? A: You can reach our Security Team by email at Security@Intuit.com.
Q: Who can I contact if I have privacy concerns? A: You can reach our Privacy Team by either using the online form found at https://privacy.intuit.com/cpi/do/comments or by e-mailing Privacy@Intuit.com or you can send postal mail to:
Privacy TeamIntuit Inc,2800 East Commerce Center Place,Tucson, AZ 85706
Read security tips and external security resources, report phishing and contact Intuit Security through our Online Security Center.