BREACH: Intuit Spearphishing attack

[Corey Quinn <corey () sequestered net>]

I received an interesting email yesterday to a tagged address given only to Intuit for tax purposes two years ago (link 
removed):


Dear Account Holder,

With intent to ensure that precise information is being sustained on our systems, as well as to provide you better 
quality of service; INTUIT INC. has taken part in the Internal Revenue Service [IRS] Name and TIN Matching Program.

It appears that your name and/or Social Security Number, that we have on your account does not correspond to the data 
provided by the IRS.

In order to check and update your account, please enter the site.

Yours truly,
INTUIT INC.

Corporate Headquarters
2632 Marine Way
Mountain View, CA 94043

*  *  *

Wonder if we'll ever see an official confirmation out of Intuit…

-- Corey
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue
http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/