Why are phishing emails being sent from verified and authenticated intuit.com servers?
Summary
What email marketers say (10 marketer opinions)
Email marketer from Reddit explains that phishers often exploit vulnerabilities within legitimate platforms like Intuit. They might compromise accounts or use loopholes in the platform's email sending features to distribute phishing emails, bypassing standard security measures since the emails appear to originate from a trusted source.
Email marketer from Cybersecurity Forum mentions the possibility of subdomain takeovers. If a phisher gains control of a subdomain associated with Intuit (e.g., something.intuit.com), they can send emails that appear legitimate because they are coming from an Intuit domain.
Email marketer from StackExchange suggests that Intuit, like many companies, might use third-party email marketing services. If a phisher compromises an account on one of these services, they could send emails that appear to come from Intuit, even though they are not directly originating from Intuit's own infrastructure.
Email marketer from Personal Security Blog shares that some phishing emails may legitimately originate from Intuit servers due to a compromised account or a vulnerability within their system. Even if the headers appear valid, the content and links within the email may be malicious.
Marketer from Email Geeks says systems can be hacked and abused from within, including flat-out breaches and malware, which cause a lot of damage.
Email marketer from Medium writes that the exploitation can lead to reputational damage as customers will be wary of Intuit communications and services. It also increases the distrust for email communications in general.
Email marketer from Quora responds that one possibility is that the sender's Intuit account has been compromised. If a hacker gains access to an Intuit account with email sending capabilities, they can use it to send phishing emails, leveraging Intuit's reputation for legitimacy.
Email marketer from Consumer Reports explains that when in doubt, users should independently visit the Intuit website by typing the address into their browser, rather than clicking on links in emails. They should also report any suspicious emails to Intuit and the FTC (Federal Trade Commission).
Email marketer from LinkedIn explains that sophisticated phishing emails can be difficult to detect, even with advanced security measures in place. Phishers are constantly finding new ways to bypass filters and target users, making it challenging to prevent all phishing emails from reaching inboxes.
Marketer from Email Geeks shares that it’s unfortunately common to see phishing emails sent via Intuit servers, often abusing their small business products. Countering this is difficult because blocking Intuit is not feasible due to legitimate traffic. They suggest complaining to Intuit to crack down on the abuse vector.
What the experts say (2 expert opinions)
Expert from Email Geeks explains that spammers are abusing forms/signups to send spam, stealing another company’s authentication.
Expert from Word to the Wise explains that sometimes the issue isn't the company itself, but compromised accounts at ISPs or email providers that are being used to send spam. These compromised accounts can bypass authentication because they are, in fact, legitimate accounts sending from legitimate servers.
What the documentation says (5 technical articles)
Documentation from APWG (Anti-Phishing Working Group) explains that sophisticated phishing attacks often involve exploiting legitimate services to send malicious emails. This could include compromising accounts, abusing email relay services, or finding vulnerabilities in web applications to inject phishing content.
Documentation from Intuit explains that although Intuit implements security measures, phishers are constantly evolving their tactics. They advise users to be vigilant and report any suspicious emails claiming to be from Intuit to their security team so they can investigate and take appropriate action.
Documentation from Microsoft Support explains that phishers can spoof the 'From' address of an email to make it look like it's coming from a legitimate domain like Intuit. Although Intuit may have proper email authentication (SPF, DKIM, DMARC) in place, these mechanisms can be bypassed if the phisher is sending directly from Intuit's servers or using a vulnerability in their system.
Documentation from DMARC.org explains that even with DMARC in place, there can still be issues. If Intuit's DMARC policy is set to 'none' or 'quarantine' instead of 'reject,' it may not prevent phishing emails from reaching inboxes. Additionally, DMARC only protects domains that are properly configured.
Documentation from SANS Institute describes that phishers use social engineering to trick users into clicking on malicious links or providing sensitive information. Even if the email appears to come from a legitimate source like Intuit, users should be wary of any requests for personal information or suspicious links.
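Several of the points above come down to the same thing: a message can pass SPF, DKIM and DMARC for intuit.com and still carry a hostile reply path or link. The following is an added example, not code from Intuit or any source quoted on this page, showing a mail-triage check that treats an authentication pass as only the starting point; the sample message, the example.org hosts and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not a real email): authentication passes for the
# trusted domain, but the reply path and one link point somewhere else.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=intuit.com;
 dkim=pass header.d=intuit.com; dmarc=pass header.from=intuit.com
From: "Billing" <notifications@intuit.com>
Reply-To: accounts@payments.example.org
Subject: Invoice 1042 is overdue
Content-Type: text/plain

Pay now: https://portal.example.org/invoice/1042
Help: https://www.intuit.com/help
"""

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def addr_domain(header_value):
    """Domain part of the address in a From/Reply-To header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Report the DMARC verdict plus anything that leaves the From domain."""
    msg = message_from_string(raw)
    from_domain = addr_domain(msg.get("From"))
    # Unfold the header before searching it for the receiver's DMARC verdict.
    auth_results = " ".join(msg.get("Authentication-Results", "").split())
    verdict = re.search(r"\bdmarc=(\w+)", auth_results)
    findings = []
    reply_domain = addr_domain(msg.get("Reply-To"))
    if reply_domain and not in_domain(reply_domain, from_domain):
        findings.append("reply-to:" + reply_domain)
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = urlparse(url).hostname or ""
        if not in_domain(host, from_domain):
            findings.append("link:" + host)
    return {"from_domain": from_domain,
            "dmarc": verdict.group(1).lower() if verdict else "none",
            "findings": findings}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A link hosted on a taken-over subdomain of the sender's domain, as described in the subdomain-takeover opinion above, would still pass the `in_domain` check, so this complements rather than replaces URL reputation and content filtering.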