Your Accounting System May Be Your Most Valuable Cybersecurity Target

Accounting & Finance
Your Accounting System May Be Your Most Valuable Cybersecurity Target

Cybercriminals are increasingly targeting QuickBooks users through phishing, fake support scams, and account takeovers. Discover practical safeguards to protect your business, financial data, and cash flow.

Table of Contents

Cybercriminals Are Following the Money

For many businesses, QuickBooks is no longer just an accounting system. It serves as the hub for cash management, invoicing, bill payments, payroll, and customer collections. As cloud accounting platforms become more deeply connected to financial operations, they have also become increasingly attractive targets for cybercriminals seeking access to both sensitive data and company funds.

Recent reports show an increase in scams impersonating Intuit and QuickBooks, including phishing emails, fake support numbers, and attacks that pressure users to provide login credentials, MFA codes, or remote access. Intuit warns that fraudulent messages may use urgent language, fake websites, texts, phone calls, or emails that appear legitimate. Intuit recommends forwarding suspicious emails to security@intuit.com and avoiding links or attachments in unexpected messages.

The risk is no longer limited to someone “guessing a password.” In many cases, attackers attempt to take over an active session, change account recovery details, access connected banking features, or misuse the company’s own invoicing tools. QuickBooks Checking also supports instant transfers for eligible users, which can move funds quickly through linked debit cards, subject to applicable limits, fees, and holds.

Cybersecurity researchers have also reported campaigns using QuickBooks-related branding and legitimate-looking workflows to increase trust. KnowBe4 reported a 36.5 percent increase in phishing attacks leveraging QuickBooks’ legitimate domain in early 2025, with some attacks shifting from email to phone-based support scams. Bitdefender has also warned that fake QuickBooks support scams may ask for verification codes, login approvals, or remote access before attempting to reset passwords or move money from connected accounts.

What business owners should review now

Start with access. Review every user in your accounting platform and remove anyone who no longer needs access. Limit administrative permissions to a small group and require multifactor authentication for all users.

Next, review banking and payment settings. Confirm which accounts, debit cards, and payment methods are connected. Keep operating cash separate from reserve funds where practical and avoid leaving unnecessary balances in accounts tied directly to invoicing or payment tools.

Finally, verify support channels. Do not call phone numbers from pop-up messages, sponsored search results, or unexpected emails. Go directly to the official Intuit or QuickBooks support site from a trusted browser bookmark.

Practical safeguards

  1. Require approval for changes to bank accounts, user permissions, payment settings, and recovery information.
  2. Reconcile bank activity frequently, especially after any suspicious login, support call, or account lockout.
  3. Train staff to pause before entering MFA codes, approving login prompts, or allowing remote screen access.

Cybersecurity is no longer solely an IT issue. It is also a financial control issue. Effective protection requires clear user access policies, strong internal controls, regular account reviews, and employee awareness. Businesses that treat cybersecurity as part of their overall financial governance framework are often better positioned to reduce risk and respond quickly when incidents occur.

Duffy Kruspodin, LLP works with business owners and finance leaders to strengthen financial processes, internal controls, and operational safeguards that support secure and reliable business operations.

Learn More

Duffy Kruspodin, LLP encourages business owners and finance leaders to review current security guidance published by Intuit and reputable cybersecurity organizations, including:

Regular reviews of user access, payment controls, and account security settings can help reduce risk and support business continuity.

Concerned about your accounting system controls? Contact Duffy Kruspodin, LLP to review your QuickBooks access, cash controls, and financial workflow safeguards.

General Disclosure: The information provided in this article is for general informational purposes only and does not constitute professional accounting, tax, or legal advice. Laws and regulations are subject to change and may vary based on specific facts or jurisdictions. Presentation of this information is not intended to create, and receipt does not constitute, an accountant-client relationship. Readers are advised not to act upon this information without seeking the services of a qualified professional.

Related Posts

Smarter Financial Moves Start Here.

Stay in the know with financial resources, industry insights and news that support smarter decisions - for your business and your life. Delivered monthly.

What Our Clients Have to Say.

View All

This is a 5-star accounting firm with 5-star staff. I highly recommend them.

Anonymous

I have been using this company for years and they are outstanding in many ways. Thank you for making, what can be unpleasant, a great experience. I APPRECIATE you very much!

Laura B.

Precise accounting, professional team, reliable, ethical. Everything I could ask for in a business accountant. Our complex industry (healthcare) is well served by Duffy every day.

Britten D.

My partnership with DK is the lifeblood of my company and personal well-being. Through thick and thin, DK stands by me, never wavering. DK’s expertise in strategic planning and meticulous attention to detail is superior.

Arthur G.
CEO

I have been working with Duffy Kruspodin, LLP for almost twenty years now. While that already speaks for itself, I have to say that I feel I am working with the best accounting firm in our area! They respond to each and every email and phone call the same day and I would recommend them to anybody looking for a good CPA!

Alexandra B.

Duffy Kruspodin, LLP has been our lifeline for developing our businesses for for over 30 years. We wouldn't think of changing direction or making a major decision without their sage advice. Our relationship through the years has been extraordinary. We are genuinely grateful for all the assistance they’ve given us through the start-up, expansion and sale of our companies.

Drs. Gordon and Karen B.

DK has handled my business, personal and family accounting needs for almost 20 years. In that time DK has become a very trusted business partner not only providing excellent accounting services but financial planning, business strategies and consultant services. DK has earned my trust throughout our continuing relationship.

Scott G.

DK has been a trusted partner from the very first day that we are with them. They have always been one step ahead of us in our accounting needs for our rapid growth. The one thing that I will say about DK is their in-depth knowledge and their friendly staff. We appreciate the partnership we have with DK.

Eddie W.
CEO

View All

Every Decision Deserves The Right Partner

We’re here to help — with real advice, steady support, and a team that follows through.

This is Modal Title

Enter content here. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.​ Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Talk with an Advisor