Scammers are masquerading as TurboTax in an attempt to phish account credentials of TurboTax users.


Fake ‘TurboTax Identity Service’ email

Legitimate emails would address the user by their name, not as “Dear TurboTax User.”

The phishing scam also contains an HTML attachment that borrows source code and elements from the real TurboTax website. If the users fall for the scam, the scammers will now not only have the login info, but also the victims email password and security answers.



Scammers with that info can log into the TurboTax account as well as their email account and lock the victim out of both.

When preparing to file your taxes, keep the following tips in mind:

• Be skeptical of unexpected and unprompted email communications. If you didn’t ask for it, then it is likely a scam.
• Never download and open attachments claiming to be a “secure” way to login and verify your identity. This method is intended to bypass anti-phishing features in most modern browsers.
• When in doubt, don’t click on a link in an email. Instead, open up a new browser window or tab and login directly.

Source: Symantec