In the interconnected digital age, it’s easier than ever before to fall for the cunning scams launched by email phishers hoping to trick you into divulging valuable information. America’s taxpayers, and perhaps more importantly, the tax-preparing accountants whom they hire, need to be on constant alert for devious scammers aiming to make a quick buck.
So what steps can a tax pro take to avoid common phishing scams, and what common pieces of advice can accountants offer their clients regarding this issue? Rather than sitting around waiting to be the next victim, tax pros know they need to be proactive in fending off phishing scams, and follow these important guidelines before reaching out to their clients.
Listen to the professionals
The hallmark of a wise consumer in any industry is whether they listen to professionals. Luckily for us, the ruling authorities of phishing, fraud, and other tax-related misconduct have already laid out a number of useful tips to keep in mind.
As the IRS itself says, “don’t take the bait!” A simple review of the common language used frequently by phishers can go a long way in preventing financial tragedy from befalling you or a client. Common scams are often rebranded to match current trends and pop culture, and the age-old lure of sending innocent people enticing offers of free cruises or cash rebates is recycled so often because it always finds one or two victims unfamiliar with it. Making sure your client knows how to determine whether an email or phone call is from a legitimate organization with a legitimate offer is often the first step when it comes to preventing phishing scams. A simple background check is sometimes all it takes.
Most people like to believe that they’d never fall for a phishing scam, because it’s “just too obvious.” The reality, however, is that human error is virtually always the cause of a phishing scam’s success. It’s well established that humans are almost always the weakest link in the security chain protecting our data, so accountants in particular must take it upon themselves to rise above the pandemonium and ensure they’re not forwarding their client anything dangerous.
A vital part of maintaining your security is listening to your IT professionals, too. Your system administrators may have solutions to phishing problems frequently encountered by your employees or clients, and their advice shouldn’t be dismissed out of hand as being irrelevant or too costly. Tax pros hoping to avoid phishing scams should understand that their client’s data is an invaluable part of what they’re charged with protecting, and invest in the appropriate IT infrastructure to ensure its safety.
Social engineering can be incredibly effective; most phishing scams today rely on criminals posing as someone familiar to the target, or as someone from a position of authority who can’t be ignored. By ensuring that you, your client, and any other employees related to your work know what red flags to look for, you can avoid the worst of the scams.
No amount of effort or money spent by your client can ensure their privacy or security if you aren’t on board as their trusted tax professional, however. While it’s important for accountants and other tax pros to keep their clients up to date on the latest scamming trends, the most important responsibility you’re charged with is keeping your own accounts and data secure.
Some of the fantastic advice offered by the IRS can be put to use ensuring your own security as a tax pro. Making sure your client’s data is properly disposed of is one commonly overlooked tip; all it takes is one password or sheet of personal information to be improperly destroyed for it to fall into the hands of a malevolent scammer. Similarly, poor information security on your end, such as incredibly weak passwords or terrible network security, could result in a hacking breach which leaves your client’s data vulnerable.
Periodic updates, which include training sessions for yourself and for any staff you employ, can also ensure your security is 100% up to date. Risk assessments and information security plans, too, which are often touted by the IRS and larger companies as useful, can help formalize and institutionalize your firm’s approach to avoiding phishing and other scams.
Keeping an eye out for suspicious attachments, double checking that you’re not clicking a “lookalike” URL, and avoiding fishy links (no pun intended) are all things a savvy tax pro needs to do to keep themselves, and thus their client, secure. Scammers who rely on phishing are patient, and will often send dozens if not hundreds of messages trying to pry out your information. By maintaining high security standards and looking at every email and attachment with scrutiny, however, tax pros can stay ahead of the curve and avoid common phishing scams.
Gary Eastwood is a CPA licensed senior accountant from Seattle, Washington. He received his CPA license from the Washington State Board of Accountancy in 2001 before relocating to Onawa, Iowa in 2008. Over more than 15 years of accounting experience, Gary has worked with multinational health service providers and independent CPA firms. He has a proven ability in dealing with business clients from a variety of backgrounds as well as leading companies to greater efficiency and profitability. He is familiar with both US GAAP and China GAAP.