The pressure of the looming tax filing deadline (April 15th in the US) can make anyone rush online tasks. Cybercriminals are acutely aware of this increased activity and are exploiting trusted platforms like Google to target Intuit QuickBooks users.
By purchasing prominent Google Ads, they are creating highly convincing fake login pages designed to pilfer sensitive information, including usernames, passwords, and even one-time passcodes (OTPs) – the keys to someone’s financial data needed for tax compliance.
Understanding this deceptive tactic is the first step in protecting yourself from falling victim.
Brand impersonation: from Google ad to phishing page
Accounting and tax preparation software has traditionally been a common lure for scammers, particularly those related to online support operating out of large call centres in India and surrounding areas.
Late last year, we documented a fraudulent QuickBooks installer that was laced with malware and generated a fake pop up to trick users into calling for assistance.
This time, the attack is even more dangerous as it goes after victims’ login credentials for QuickBooks. It starts from a Google search, showing an ad that impersonates Intuit’s branding for “QuickBooks Online”.
This leads to a fraudulent website that is essentially a lookalike.
Domain Name: QUICCKBOORKS-ACCCOUNTING .COM
Registrar URL: https://www.hostinger.com
Creation Date: 2025-04-07T01:44:46Z
Unbeknownst to victims, the sign-in page is actually a phishing portal that will steal account credentials in real-time and leak them to the criminals behind this scheme.
One-time passcode workaround
Passwords alone offer a limited level of security because they can be easily guessed, stolen through phishing, or compromised in data breaches. It is highly recommended to enhance account protection by enabling a second form of authentication like one-time passcodes sent to your device or utilizing a 2FA app for an extra layer of verification.
Phishing kits have evolved to become increasingly sophisticated, with some now capable of circumventing one-time passcodes and 2FA. These kits often employ “man-in-the-middle” or “adversary-in-the-middle” (AiTM) techniques.
When a victim enters their credentials and the one-time passcode on a fake login page created by the phishing kit, this information is intercepted in real-time and relayed to the attacker. The attacker can then use these stolen credentials and the valid one-time passcode to log in to the victim’s account before the passcode expires.
Conclusion
Cybercriminals often intensify their efforts to target accounting software like QuickBooks during or around tax season, hoping to capitalize on the increased volume of financial transactions and the time-sensitive nature of tax preparations.
Deceptive Google ads can be designed to closely resemble legitimate QuickBooks search results, leading unsuspecting users to fake login pages that harvest their credentials, financial data, or even install malware.
OTP and 2FA still significantly increase security against a vast majority of attacks, especially automated attempts and less sophisticated phishing, making them essential layers of protection when used on authentic platforms.
However, even with the added security of one-time passcodes and 2FA, these measures are rendered ineffective if the initial login occurs through a malicious website reached via a deceptive ad.
Therefore, it is critical to access your QuickBooks account and conduct all sensitive activities directly through the official Intuit QuickBooks website or application, carefully verifying the URL.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.
Malicious QuickBooks domains
quicckboocks-accounting[.]com
quicckbooks-accounting[.]com
quicckrbooks-acccounting[.]com
quicfkbooks-accounting[.]com
quichkbooks-accounting[.]com
quicjkbooks-accounting[.]com
quickboorks-acccounting[.]com
quickboorks-accountings[.]com
quicnkbooks-accounting[.]com
quicrkbookrs-accounting[.]com
quicrkbooks-acccounting[.]com
quicrkbooks-accountting[.]com
quicrkboorks-accounnting[.]com
quicrkboorks-accounting[.]com
quicrkbrooks-online[.]com
quicrkrbooks-accounting[.]com
quictkbooks-accounting[.]com
quicvkbooks-accounting[.]com
quicxkbooks-accounting[.]com
quirckbooks-accounting[.]com