Safe email: how to avoid being reeled into scams.

Author: Werner, Randy
Position: Tech Talk

Cybercriminals continue to target and defraud CPA firms and their clients by deploying new phishing schemes to steal information and money. Damages resulting from the scams can range from several thousand to several hundred thousand dollars.

The lower end of the range of damages involves tax return schemes that target the large volumes of personal identifying information handled by tax preparers. The IRS recently warned tax return preparers about phishing schemes in which scammers send emails purporting to come from tax software companies. The emails fool tax preparers into clicking on a link to update the software; the link instead loads malware on their computers that gives cybercriminals remote control of a preparer's computer system. Criminals then file client tax returns and redirect refunds to the fraudsters' accounts. Similar email schemes have targeted individual taxpayers as well.

Lessons and Tips

Never click on unexpected links or open email attachments. Instead, go to the website of the software company or other provider to connect regarding updates. Tax professionals should also run a security "deep scan" to search for viruses and malware on computers.

Providing regular staff training will enhance awareness of the dangers of phishing scams, which can come in the form of emails, texts and phone calls from scammers posing as vendors or contract workers. Some experts recommend adding a data breach simulation to the training schedule at least once per year. Others will test awareness by "inoculation," in which all users are sent benign phishing emails. Those who err are then educated on how to avoid the errors.

Strengthening passwords for computer and software access is also a good practice. Passwords should be at least eight characters long (longer is better) with a mix of numbers, letters and special characters. Or use a passphrase that is easy to remember, but change some of the letters to numbers, such as "E" to "3." For instance, "ILoveCaliforniaSocietyofCPAs" is changed to "!LOVc@LifOrniaSOcietyofCP@s."

Hackers Stealing Tax Refunds

Hackers also will send fraudulent emails to tax preparers with bank account numbers different from legitimate client account numbers in an attempt to divert tax refunds into their own accounts. Once the refund is sent to the wrong account, it's immediately withdrawn. Taxing authorities have no responsibility once the refund has been sent to a banking account.

A common spoofing technique involves...
