Spammers have begun sending e-mail messages purporting to come from TurboTax customer support encouraging recipients to download an updated version of the software from a fake Web site.
The e-mails, reported on the Symantec security blog, claim to come from a suspicious-looking e-mail address called fannyxxx@turbotax.cn:
From: "TurboTax Support"
Subject: New TurboTax Update
Dear TurboTax User,
Due to changes in IRS requirements, we are requiring all TurboTax users to update their software to the current version. The process takes less then 30 seconds, and is done completely in the background. To begin the update, please visit turbotax.com/update and click "Open" when asked to begin the download. After doing so, no further action is required on your part. Thank you for your cooperation regarding this matter.
Sincerely,
TurboTax Customer Support
Instead of linking to the fictitious update site, the messages actually take users to a site with an alphabetically randomized address that contains a blank page with a pop-up that asks the user to download a file that could expose them to identity theft.
Symantec warns users about this message, as well as an e-mail message that purports to come from the Internal Revenue Service telling recipients to download tax software in order to receive their tax refund. The e-mail instead links them to a virus.
