Phishing is one of the most common types of cyberattacks facing accounting firms as criminals work to follow the money, targeting the keepers of large amounts of confidential financial information.
And with tax season in full swing, we should take a look at what accounting firms and tax preparers need to know about phishing attacks, as well as how they can keep their practices and clients safe.
What is a Phishing Attack?
In a phishing attack, the cybercriminal, posing as a trustworthy source, tries to trick the recipient into taking the attacker’s desired action, such as providing sensitive information. A cybercriminal can cast a wide net with a phishing attack or hand-select a potential victim in a more targeted attack called spear phishing. Once a person takes the bait, the attacker can then use that information to carry out the malicious deed.
Types of Phishing Attacks
One phishing scam making the rounds this tax season involves an attacker pretending to be from the IRS or another accounting firm, or posing as a client, and asking for legal or tax forms, such as a W-2 or W-9. The attacker then races to use the employee W-2 or contractor W-9 to file fraudulent tax returns.
Some other phishing attacks that we’ve been seeing recently involve scams targeting PayPal users and those appearing to be from Apple Tech Support. These phishing emails revolve around your account being “hacked” or an “important” notice regarding your data.
How to Recognize a Phishing Attack
While phishing can take the form of online advertisements or a phone call, it often takes the form of an email. Remember that businesses should not ask for your password, login names, Social Security numbers, or other personal information by email.
If you’re not sure if an email is legitimate, there are several red flags to look out for: