QuickBooks Support Callback Scam: How It Works and How to Protect Your Business
A callback scam impersonating QuickBooks support cost small business owners $95,000. Learn how the fraud works and the steps to safeguard your company.

When a caller claims to be from QuickBooks support, small business owners naturally want to cooperate. But fraudsters are exploiting that trust. According to a report by Bitdefender, a sophisticated callback scam recently cost a small business $95,000.
How the Callback Scam Works
This fraud typically begins with an unsolicited phone call that rings once and disconnects, or a voicemail claiming there is an urgent issue with your QuickBooks account or bank integration. The goal is to get you to call back a phone number that appears legitimate.
Once you are on the line, the scammers impersonate Intuit or QuickBooks representatives. They create a false sense of urgency—claiming your account is compromised, your subscription is lapsing, or unauthorized charges have occurred. To resolve the fake emergency, the caller will ask you to log into your computer, navigate to a specific website, or provide remote access to your workstation.
Where the Financial Loss Happens
The ultimate objective of the scam is access to your financial data and banking portals. If you grant remote access, attackers can quietly navigate your system in the background while keeping you distracted on the phone. They use this access to initiate fraudulent wire transfers, alter payment routing details, or drain connected bank accounts. In the case reported by Bitdefender, the business lost $95,000 before the unauthorized transactions were discovered.
Practical Steps to Protect Your Business
Scammers rely on panic and urgency to bypass your better judgment. You can protect your company by adopting strict verification protocols:
- Never return calls to unsolicited numbers: If you receive a voicemail about a QuickBooks billing or technical issue, do not call the number left in the message.
- Verify through official channels: Log directly into your QuickBooks account to check for alerts or billing messages. Use only the official contact information provided on the Intuit website.
- Deny all remote access requests: Legitimate support agents will not cold-call you to demand remote access to your computer to fix a billing discrepancy.
- Train your staff: Ensure that anyone who answers the phone or handles company finances knows to hang up on aggressive, high-pressure callers.
If you suspect you have already been targeted, immediately disconnect your computer from the internet, contact your bank to freeze your accounts, and change your QuickBooks and banking passwords from a separate, secure device.