Dissecting a scam and avoiding it

Preview:

I look at a scam phishing attack that a fellow consultant's client fell for. I dissect the 5 mistakes that he made before terminating the phone call and calling for real help. This should help many people avoid similar mistakes.

Jesse Black of Yellow Crayon LLC recently reported on a client who got caught in a scam. I thought it was useful to carefully explain because it might save my clients. The client started by buying Turbo Tax Premier at Costco. That's safe, right? Yes. What he got was an activation code and instructions on how to download it. The download link was InstallTurboTax.com. So far, so good.

Mistake #1. Confusing Search and Address bar

Rather than type installturbotax.com in the Address Bar, he typed it into a search bar. The address bar is at the top. Typing the exact address there will take you there. Typing it into a search bar, or typing an incomplete address, will flip you to search. That gives you many chances to make a mistake.

When I started this article, I was sure that if the client simply didn't use Google search or did use uBlock Origin to stop ads and trackers, it would help. I was wrong. First, I opened my virtual Windows sandbox. I've written an article about it elsewhere in the newsletter. This allowed me to go to dangerous places and take some risks, and then POOF, eliminate everything, and leave no trace.

I tried entering installturbotax.com in the search box for Bing, Google, DuckDuckGo, and search.brave.com. They all produced similar results. This is typical for the first few results, but it could have more images or advertisements above. These were the first three sites on the list. 2 of the first 3 were scams!

The first site is correct, but notice it isn't leading to installturbotax.com. It takes the user to an Intuit page and has their logo on the left.
This is the one that Jesse's client clicked on. Notice that they imitated the Intuit checkbox logo at the left, but theirs is in green, not red, and the check is a bit different. It is going to installturbotax.net, which is closer to the real address than the real one is!
The next address down does say, installturbotax-com-with-license-code. Then the miscreant's site.

Another site that is particularly pernicious was this one.

Notice that the big blue words say, "Installturbotax com.” However, these mean nothing. They are just a description the miscreant wrote. The actual site is at Google.com, and the subpage is install-tur-botax-com. That's not how Intuit would do it. Being on Google could make someone feel safe. However, Google does not do a good job cleaning their sites. Google sites are free pages Google gives away to people who use the Google Workplace. It is not any authorization or accreditation from Google. Just someone using a free page.

Mistake #2. Clicking the wrong result.

These results are extremely difficult to decipher, and the scammers do everything possible to deceive us. Don't do something like this if you are tired or in a hurry. Go to bed and try again tomorrow.

If you ever have to go to a site and enter information or download something, only go to the official site of the company. Be extra vigilant and careful. Know that miscreants are out to get you and that possibly half the results are scammers trying to hurt you. Be paranoid!

Mistake #3. Don't rely on sponsored or ad labels.

None of the results I've shown above were paid ads. These were all malware sites that came up on the first page of legitimate search engines. Unlike my thought when I started this article, it didn't matter which search engine you use. They all screwed up pretty equally. The scammers have figured out how to fool the search engines better than legitimate companies.

Of course, if it says ad or sponsored, try to find the actual company you want and be cautious.

Mistake #4. Check before clicking

Before doing anything on an unfamiliar site, look at the address in the address bar and see where you really are and if that makes sense.

Before you click on a button, see where it goes. These sites all had an Activation or Enter your license key here button. Instead of just clicking, hover over the button and look to see where it goes. The actual destination is shown in the lower-left corner of your browser window. Here are two from the links above.

The important thing to examine most carefully is the last place before any /s at the end. In this case, what comes immediately before "/en-US/articles”? So, gorgias.help. The website you are going to if you click their activation link is gorgias.help. Not likely to be Intuit or Turbo Tax.

If you are still uncertain, you can check with an AI bot like Grok.com, Perplexity.ai, gemini.google.com, or you.com. So, I asked Grok if gorgias.help was a legitimate Turbo tax site. It said,

No, gorgias.help is not a legitimate TurboTax site. Official TurboTax services are provided through domains like turbotax.intuit.com or intuit.com. The gorgias.help domain is associated with Gorgias, a customer service platform, not Intuit, the maker of TurboTax. While some pages on turbotaxhelp.gorgias.help or tax-support.gorgias.help offer TurboTax-related support, these are likely third-party or unofficial sources and should be approached with caution. For safe and legitimate TurboTax services, stick to official Intuit websites or verified apps.

That would have been enough to send me back to the search results, or attempt to type in the address properly.

I asked Gemini.google.com about installturbotax.net, the site that conned Jesse's client.

It said,

No, installturbotax.net is not an official TurboTax website.
The official TurboTax website is turbotax.intuit.com. Intuit is the company that owns TurboTax, along with other products like QuickBooks and Credit Karma.

It's crucial to be very careful about where you download tax software, as unofficial sites can contain malware or be phishing scams designed to steal your personal information. Always make sure you are on the legitimate Intuit/TurboTax domain when dealing with your taxes.

and

This one is simpler. It will go to the TX page on platdir.com.
It is also not associated with Intuit or Turbo Tax.

So, always check the actual site location in the address bar, and also see where their buttons are taking you.

Mistake 5. Don't call the help number!

Of course, the activation button didn't work, but there was a helpful support phone number available, which the client called. The "support” agent helpfully remoted into the client's computer and determined he had a virus. At that point, the client figured out he was being scammed and cut the connection. Then he called Jesse, who cleaned up the mess and downloaded Turbo Tax and installed it for his client.

Hopefully, this article makes you a bit more paranoid and perhaps will prevent a scam. The Internet is wonderful but also host to at least one million scammers.

Date: July 2025

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Dissecting a scam and avoiding it Preview: I look at a scam phishing attack that a fellow consultant's client fell for. I dissect the 5 mistakes that he made before terminating the phone call and calling for real help. This should help many people avoid similar mistakes. Jesse Black of Yellow Crayon LLC recently reported on a client who got caught in a scam. I thought it was useful to carefully explain because it might save my clients. The client started by buying Turbo Tax Premier at Costco. That's safe, right? Yes. What he got was an activation code and instructions on how to download it. The download link was InstallTurboTax.com. So far, so good. Mistake #1. Confusing Search and Address bar Rather than type installturbotax.com in the Address Bar, he typed it into a search bar. The address bar is at the top. Typing the exact address there will take you there. Typing it into a search bar, or typing an incomplete address, will flip you to search. That gives you many chances to make a mistake. When I started this article, I was sure that if the client simply didn't use Google search or did use uBlock Origin to stop ads and trackers, it would help. I was wrong. First, I opened my virtual Windows sandbox. I've written an article about it elsewhere in the newsletter. This allowed me to go to dangerous places and take some risks, and then POOF, eliminate everything, and leave no trace. I tried entering installturbotax.com in the search box for Bing, Google, DuckDuckGo, and search.brave.com. They all produced similar results. This is typical for the first few results, but it could have more images or advertisements above. These were the first three sites on the list. 2 of the first 3 were scams! The first site is correct, but notice it isn't leading to installturbotax.com. It takes the user to an Intuit page and has their logo on the left. This is the one that Jesse's client clicked on. Notice that they imitated the Intuit checkbox logo at the left, but theirs is in green, not red, and the check is a bit different. It is going to installturbotax.net, which is closer to the real address than the real one is! The next address down does say, installturbotax-com-with-license-code. Then the miscreant's site. Another site that is particularly pernicious was this one. Notice that the big blue words say, "Installturbotax com.” However, these mean nothing. They are just a description the miscreant wrote. The actual site is at Google.com, and the subpage is install-tur-botax-com. That's not how Intuit would do it. Being on Google could make someone feel safe. However, Google does not do a good job cleaning their sites. Google sites are free pages Google gives away to people who use the Google Workplace. It is not any authorization or accreditation from Google. Just someone using a free page. Mistake #2. Clicking the wrong result. These results are extremely difficult to decipher, and the scammers do everything possible to deceive us. Don't do something like this if you are tired or in a hurry. Go to bed and try again tomorrow. If you ever have to go to a site and enter information or download something, only go to the official site of the company. Be extra vigilant and careful. Know that miscreants are out to get you and that possibly half the results are scammers trying to hurt you. Be paranoid! Mistake #3. Don't rely on sponsored or ad labels. None of the results I've shown above were paid ads. These were all malware sites that came up on the first page of legitimate search engines. Unlike my thought when I started this article, it didn't matter which search engine you use. They all screwed up pretty equally. The scammers have figured out how to fool the search engines better than legitimate companies. Of course, if it says ad or sponsored, try to find the actual company you want and be cautious. Mistake #4. Check before clicking Before doing anything on an unfamiliar site, look at the address in the address bar and see where you really are and if that makes sense. Before you click on a button, see where it goes. These sites all had an Activation or Enter your license key here button. Instead of just clicking, hover over the button and look to see where it goes. The actual destination is shown in the lower-left corner of your browser window. Here are two from the links above. The important thing to examine most carefully is the last place before any /s at the end. In this case, what comes immediately before "/en-US/articles”? So, gorgias.help. The website you are going to if you click their activation link is gorgias.help. Not likely to be Intuit or Turbo Tax. If you are still uncertain, you can check with an AI bot like Grok.com, Perplexity.ai, gemini.google.com, or you.com. So, I asked Grok if gorgias.help was a legitimate Turbo tax site. It said, No, gorgias.help is not a legitimate TurboTax site. Official TurboTax services are provided through domains like turbotax.intuit.com or intuit.com. The gorgias.help domain is associated with Gorgias, a customer service platform, not Intuit, the maker of TurboTax. While some pages on turbotaxhelp.gorgias.help or tax-support.gorgias.help offer TurboTax-related support, these are likely third-party or unofficial sources and should be approached with caution. For safe and legitimate TurboTax services, stick to official Intuit websites or verified apps. That would have been enough to send me back to the search results, or attempt to type in the address properly. I asked Gemini.google.com about installturbotax.net, the site that conned Jesse's client. It said, No, installturbotax.net is not an official TurboTax website. The official TurboTax website is turbotax.intuit.com. Intuit is the company that owns TurboTax, along with other products like QuickBooks and Credit Karma. It's crucial to be very careful about where you download tax software, as unofficial sites can contain malware or be phishing scams designed to steal your personal information. Always make sure you are on the legitimate Intuit/TurboTax domain when dealing with your taxes. and This one is simpler. It will go to the TX page on platdir.com. It is also not associated with Intuit or Turbo Tax. So, always check the actual site location in the address bar, and also see where their buttons are taking you. Mistake 5. Don't call the help number! Of course, the activation button didn't work, but there was a helpful support phone number available, which the client called. The "support” agent helpfully remoted into the client's computer and determined he had a virus. At that point, the client figured out he was being scammed and cut the connection. Then he called Jesse, who cleaned up the mess and downloaded Turbo Tax and installed it for his client. Hopefully, this article makes you a bit more paranoid and perhaps will prevent a scam. The Internet is wonderful but also host to at least one million scammers. Date: July 2025 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk