Google Ads Exploited in QuickBooks Phishing Scam Ahead of Tax Deadline
As the US tax deadline approaches, cybercriminals are exploiting Google Ads to target QuickBooks users with sophisticated phishing scams. Learn how to protect yourself from these deceptive tactics.
TL;DR
As the April 15th tax deadline nears in the US, cybercriminals are capitalizing on increased online activity by using Google Ads to target QuickBooks users with phishing scams. These scams lead to convincing fake login pages designed to steal sensitive information. Protect yourself by being cautious of deceptive ads and always verifying URLs.
Tax Deadline Threat: QuickBooks Phishing Scam Exploits Google Ads
With the looming tax filing deadline of April 15th in the US, the pressure to complete online tasks quickly can make anyone vulnerable. Cybercriminals are well aware of this heightened activity and are exploiting trusted platforms like Google to target users of Intuit QuickBooks. By purchasing prominent Google Ads, they create highly convincing fake login pages designed to steal sensitive information, including usernames, passwords, and even one-time passcodes (OTPs)—essential data for tax compliance.
Brand Impersonation: From Google Ad to Phishing Page
Accounting and tax preparation software has long been a favored target for scammers, particularly those operating out of large call centers in India and neighboring regions. Late last year, a fraudulent QuickBooks installer laced with malware tricked users into calling for assistance. This new attack is even more dangerous, aiming to steal victims’ login credentials for QuickBooks.
The scam begins with a Google search displaying an ad that mimics Intuit’s branding for “QuickBooks Online.” This ad leads to a fraudulent website that closely resembles the genuine QuickBooks login page.
1
2
3
Domain Name: QUICCKBOORKS-ACCCOUNTING.COM
Registrar URL: https://www.hostinger.com
Creation Date: 2025-04-07T01:44:46Z
Unsuspecting victims are directed to a sign-in page that is actually a phishing portal, stealing account credentials in real-time and relaying them to the criminals behind the scheme.
One-Time Passcode Workaround
Passwords alone offer limited security as they can be easily guessed, stolen through phishing, or compromised in data breaches. Enhancing account protection with a second form of authentication, such as one-time passcodes sent to your device or using a 2FA app, adds an extra layer of verification. However, phishing kits have evolved to bypass one-time passcodes and 2FA using “man-in-the-middle” or “adversary-in-the-middle” (AiTM) techniques.
When victims enter their credentials and one-time passcode on a fake login page, this information is intercepted in real-time and relayed to the attacker. The attacker can then use these stolen credentials and the valid one-time passcode to log in to the victim’s account before the passcode expires.
Conclusion
Cybercriminals intensify their efforts to target accounting software like QuickBooks during tax season, aiming to exploit the increased volume of financial transactions and the urgency of tax preparations. Deceptive Google ads can closely resemble legitimate search results, leading unsuspecting users to fake login pages that harvest their credentials, financial data, or even install malware.
While OTP and 2FA significantly enhance security against most attacks, they are ineffective if the initial login occurs through a malicious website reached via a deceptive ad. Therefore, it is crucial to access your QuickBooks account directly through the official Intuit QuickBooks website or application, carefully verifying the URL.
We don’t just report on threats—we help safeguard your entire digital identity.
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.
Malicious QuickBooks Domains
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
quicckboocks-accounting[.]com
quicckbooks-accounting[.]com
quicckrbooks-acccounting[.]com
quicfkbooks-accounting[.]com
quichkbooks-accounting[.]com
quicjkbooks-accounting[.]com
quickboorks-acccounting[.]com
quickboorks-accountings[.]com
quicnkbooks-accounting[.]com
quicrkbookrs-accounting[.]com
quicrkbooks-acccounting[.]com
quicrkbooks-accountting[.]com
quicrkboorks-accounnting[.]com
quicrkboorks-accounting[.]com
quicrkbrooks-online[.]com
quicrkrbooks-accounting[.]com
quictkbooks-accounting[.]com
quicvkbooks-accounting[.]com
quicxkbooks-accounting[.]com
quirckbooks-accounting[.]com
Additional Resources
For further insights, check: