AICPA Warns of Possible Pretexting Calls
The American Institute of Certified Public Accountants (AICPA), recently alerted members that someone posing as an AICPA employee has been contacting accounting firms requesting employee lists for various purposes. Depending on the type of information being requested, this type of call may be pretexting and it is illegal.
The Federal Trade Commission (FTC) defines “pretexting” as the practice of getting personal information under false pretenses. Pretexters will use a variety of excuses in an attempt to gain personal information. Once they obtain the personal information they are seeking, they may sell it to people who will use it for identity theft or use it themselves to investigate or stalk an individual.
Some personal information is a matter of public record, including home- or property-ownership, real estate taxes and whether a person or firm has ever filed for bankruptcy. It is not pretexting to collect this type of information.
It is, however, illegal for anyone to obtain customer information from a financial institution or a customer of a financial institution by:
- using false, fictitious or fraudulent statements
- using forged, counterfeit, lost or stolen documents
- asking a third person to get someone else’s information using false, fictitious or fraudulent statements or forged, counterfeit, lost or stolen documents.
Human resources experts advise that a business must disclose certain information in order to verify employment history. Because laws governing what an employer can and cannot say about employees are often complex, it is recommended all calls requesting personal information be transferred to a representative of the human resources or personnel departments when they cannot be transferred directly to the person that is being inquired about. Firms receiving calls from suspect “AICPA employees” are also asked to contact Jay Rothberg, AICPA Vice President at firstname.lastname@example.org.
It is possible that the person, or persons, calling accounting firms represent recruiters or corporate headhunters seeking contact information to use in recruiting efforts, as the AICPA suggests. But what if they aren’t?