Start Now

Most Common QuickBooks Scams & How to Avoid Them

QuickBooks scams trick U.S. businesses by impersonating Intuit to steal logins, reroute payroll, or demand payment. Scammers use emails, calls, and fake pop-ups. Learn the top red flags, examples, and ways to protect loved ones.

Austin Hulak
Austin Hulak
Founder
Updated

Table of Contents

Quick Facts

About this scam type

Impersonation scams occur when criminals pretend to be trusted companies, like Intuit or QuickBooks, to trick victims into revealing passwords, installing malware, or sending money. These scams work by creating convincing messages or calls that urge fast action to supposedly fix or cancel an account problem. They prey on busy business owners and bookkeepers who may act quickly when told their financial tools are at risk.

How scammers contact victims

Email is the main channel used, with scammers sending official-looking messages disguised as account alerts, invoices, or support requests. Emails are often backed by fake phone support or pop-ups, making it more likely for recipients to fall for the scheme. Attackers also use phone calls and browser pop-ups to reinforce urgency and trick non-technical users.

Who is most at risk

Scammers target U.S. small businesses, bookkeepers, and families assisting older relatives because they often manage payroll or sensitive financial details. These groups may not have dedicated IT staff and are more likely to act quickly to keep business running, making them appealing targets for scammers.

Understanding the risk level

QuickBooks scams can lead to account takeovers, payroll theft, locked company files, or large unauthorized payments. Victims may suffer financial losses, disclosure of sensitive employee or customer data, or long-term business disruption.

Most Common QuickBooks Scams

How it works: You receive a convincing email claiming your QuickBooks account is suspended or needs urgent updates. The email threatens to lock your access unless you click a link or call a number. These lead to fake login pages that steal credentials or push malware.

Real Example

Subject: QuickBooks Alert – Account Suspension Notice. Action required! Click here to restore your account access or call 1-888-XXX-XXXX.

Red Flag Signs:

  • • Urgent demand to click a link or call a number.
  • • Sender address is NOT intuit.com or e.intuit.com.
  • • Links or buttons don’t direct to intuit.com when hovered.

How it works: You get a fake invoice for an auto-renewed service or product you never ordered. To dispute or cancel, you are told to call a phone number. When you call, imposters ask for remote access to your computer or want direct payment.

Real Example

Invoice #: 98765. Product: QuickBooks Tech Support (Auto Renewal). To cancel or dispute, call 1-877-XXX-XXXX.

Red Flag Signs:

  • • Unexpected invoice for unfamiliar services.
  • • Instructions to call a phone number in the invoice.
  • • Pressure to let someone access your computer.

How it works: You receive a call or a browser pop-up warning you of QuickBooks errors or license issues. The scammer pushes remote access tools, claiming they must 'fix the problem,' and may demand payment by wire, gift card, or cryptocurrency.

Phone Script Example

This is QuickBooks Support. Urgent action needed—your company file is at risk. Please allow remote access so we can secure your account.

Red Flag Signs:

  • • Unsolicited calls or pop-ups about QuickBooks problems.
  • • Requests to install remote support tools.
  • • Demands for payment via wire transfer, gift cards, or crypto.

How it works: Scammers impersonate HR or employees, email to request changes to direct deposit, or send fake QuickBooks login pages. Payroll funds are rerouted if you act without verifying, or your credentials are compromised.

Phishing Email Example

Please update my bank info ASAP before Friday's payroll. Here’s the new account number: [hidden].

Red Flag Signs:

  • • Emails requesting sudden changes to payroll or bank accounts.
  • • Links to fake QuickBooks portals for credential capture.
  • • No voice verification used for sensitive changes.

How it works: Imposters—often calling after you interact with a pop-up or phishing email—claim you are owed a refund. They trick you into 'accidentally' sending them too much money, then pressure you to return the difference using irreversible methods.

Typical Script

We tried to issue a $300 refund but accidentally sent $3,000. Please send the extra $2,700 back by wire or gift card so our records balance.

Red Flag Signs:

  • • Claims of overpayment and requests to send money back.
  • • Instructions to return funds using gift cards or wire transfer.
  • • Refunds involving urgent, complicated instructions.

Red Flags & Warning Signs

Top 5 Phrases Scammers Use

  1. 1
    "Your QuickBooks account is suspended—act now"

    Creates pressure so you react without thinking.

  2. 2
    "Call this number to avoid service interruption"

    Pushes you to contact imposters, not real support.

  3. 3
    "You must update your payment method immediately"

    Attempts to harvest payment credentials.

  4. 4
    "Let us connect remotely to resolve your issue"

    Seeks control of your computer or files.

  5. 5
    "Refund issued in error, send back excess via gift card/wire"

    Tries to trick you into sending irreversible payments.

Scam Warning Signs

  • Phone numbers in emails or invoices
    Genuine QuickBooks emails do not include call-now numbers.
  • Links not going to intuit.com
    Scam links point to lookalike or unrelated domains.
  • Sender not using intuit.com or e.intuit.com email
    Real Intuit messages always use official domains.
  • Requests for remote access
    Legit support never asks for access unless you request a callback.
  • Unusual payment requests
    Gift cards, wire transfers, and crypto are not valid QuickBooks payment options.
  • Sudden payroll bank change requests
    HR or bank updates should always use multi-person verification.

Legitimate Communications

  • Emails only from intuit.com or e.intuit.com
    QuickBooks uses official domains for all communication.
  • Links always resolve to intuit.com when hovered
    You will never be asked to click to a non-Intuit page.
  • Support contacts you only after you request via the in-product Help menu
    You are never called out of the blue about errors or billing.
  • All billing, account, and payroll changes handled inside QuickBooks
    No company or bank changes are made by email request alone.
  • Payment never by gift card or wire
    QuickBooks and Intuit only use standard payment methods.

How to Protect Yourself

Use these practical steps to keep your business, personal finances, and loved ones safe from QuickBooks scams.

  1. 1.
    Go Direct Always

    Never click links or use phone numbers from emails or invoices about your QuickBooks account. Instead, sign in from a saved bookmark or type in the QuickBooks website manually to check for any billing alerts or notifications.

    Bookmark the official QuickBooks site and always use it to check your account.

  2. 2.
    Verify Support with Trusted Contacts

    Do not call numbers listed in emails or pop-ups. Use only the phone numbers found within your QuickBooks software Help menu or from the official website to request a callback.

    Teach staff and family members to always verify support requests.

  3. 3.
    Turn on Multi-Factor Authentication (MFA)

    Set up MFA or passkeys for all users with admin, payroll, or payments privileges. This makes it much harder for scammers to access your account, even if they have your password.

  4. 4.
    Lock Down Payroll Changes with Voice Verification

    Require that any changes to payroll, bank details, or direct deposit be double-checked with a phone or video call. Always have at least two people approve these changes.

  5. 5.
    Limit User Privileges in QuickBooks

    Only allow trusted staff to issue refunds, send invoices, or change bank info. Review user permissions regularly.

  6. 6.
    Train Everyone on Tech Support Scams

    Make sure your team and any relatives you help know never to allow remote access from unsolicited calls or pop-ups. If something looks suspicious, close the pop-up and report it immediately.

Sign up for Lifeguard to get real-time alerts about QuickBooks and financial scams targeting your family or business.

Get Protected

What to Do If You're a Victim

If you already clicked a suspicious link, shared info, or made a payment, act quickly. Recovery is possible with fast action.

  1. 1.
    Disconnect and Run Antivirus (Do immediately)

    Unplug your device from the internet and run a full antivirus scan to catch any malware. This should be done immediately to prevent further data theft.

  2. 2.
    Change All Important Passwords and Enable MFA (Do immediately)

    Update your QuickBooks/Intuit and email passwords, and turn on multi-factor authentication for all accounts.

  3. 3.
    Check the Audit Log and User List (Do immediately)

    Use QuickBooks' company audit log to review any suspicious activity or user changes, plus check your bank rules and apps connected to your account.

  4. 4.
    Contact Your Bank or Credit Union (Within 24 hours)

    Call your bank immediately to request an ACH or card payment recall or to block suspicious activity. Set alerts for any future unusual payments.

  5. 5.
    Report to Intuit Support and Security (Within 24 hours)

    Contact Intuit through the in-product Help menu and send details to security@intuit.com. Ask them to secure your account and verify all recent actions.

  6. 6.
    File an Identity Theft Report if Needed (Within 24 hours)

    If personal data was exposed, visit IdentityTheft.gov to start a recovery plan.

  7. 7.
    Report Losses to the FBI IC3 and Monitor (Within 1 week)

    If you lost money or granted remote access, file a report at ic3.gov. Keep all emails, invoices, and notes as evidence, and continue monitoring your accounts closely.

You can also report fraud to the FTC at ReportFraud.ftc.gov or forward phishing emails to reportphishing@apwg.org. For ongoing monitoring, consider enrolling in a service like Lifeguard.

Frequently Asked Questions

Check that it comes from intuit.com or e.intuit.com and that links point to intuit.com. Never trust emails with urgent action or unknown phone numbers, and verify in your account directly.

Identification

Disconnect the call, unplug your computer from the internet, and run antivirus software. Then, change your passwords and let Intuit and your bank know immediately.

Recovery

No. Intuit and QuickBooks support will only contact you after you request help through the in-product Help menu. Any unexpected support call is suspicious.

Identification

Report fake emails or contacts to security@intuit.com, the FTC at ReportFraud.ftc.gov, and the FBI IC3 at ic3.gov if money or data was lost.

Reporting

Teach them not to click on links or call numbers from emails or pop-ups. Help them use bookmarks and request support through official channels only.

Prevention

No. Intuit will never ask for remote access unless you have requested help directly through your account. Ignore any unsolicited request for remote access.

Identification

Keep Your Business Financially Safe

Start protecting your QuickBooks accounts and financial information on Lifeguard. Get real-time alerts, staff training, and recovery support after scams.

Get Protected
Share: