
I have a TLD, and have set it up to forward any email sent to *@domain.com to myname@domain.com.

Over the last week, I've got a handful of emails from Intuit/TurboTax to random names on my domain, e.g. lucie@domain.com, and they seem legitimate (pass SPF/DKIM/DMARC).

The emails include full names, billing addresses, last 4 digits of card numbers and licence keys for TurboTax, which all seem to be legitimate too.

The domain is quite obscure, and this has now happened 5+ times. I don't see any way that this could be a mistake. My best guess is that it's some sort of fraud attempt.

Is this a "known" type of fraud?

I'd like to avoid any potential association with it, and it's also just a bit of a nuisance. Is there anything I can do or anyone I should contact in this situation?

  • Contact turbotax since there appear to be license keys – schroeder Mar 10 '21 at 23:17
  • This sounds similar to the Netflix scam of a couple of years ago (see https://security.stackexchange.com/questions/210045/why-would-someone-open-a-netflix-account-using-my-gmail-address). With tax season coming up, it may be that someone is recycling this scam and using it for Intuit and/or TurboTax, instead of Netflix. – mti2935 Mar 11 '21 at 00:00
  • "I have a TLD" I doubt so. You have a domain name, not a TLD. – Patrick Mevzek May 26 '21 at 21:53

0 Answers