How Firms Can Recognize and Fight Phishing Attacks

gloved hand coming out of a laptop taking a credit card
Share this content

Phishing is one of the most common types of cyberattacks facing accounting firms as criminals work to follow the money, targeting the keepers of large amounts of confidential financial information. 

And with tax season in full swing, we should take a look at what accounting firms and tax preparers need to know about phishing attacks, as well as how they can keep their practices and clients safe.

What is a Phishing Attack?

In a phishing attack, the cybercriminal, posing as a trustworthy source, tries to trick the recipient into taking the attacker’s desired action, such as providing sensitive information. A cybercriminal can cast a wide net with a phishing attack or hand-select a potential victim in a more targeted attack called spear phishing. Once a person takes the bait, the attacker can then use that information to carry out the malicious deed.

Types of Phishing Attacks

One phishing scam making the rounds this tax season involves an attacker pretending to be from the IRS, another accounting firm, or posing as a client, and asking for legal or tax forms, such as a W-2 or W-9. The attacker then races to use the employee W-2 or contractor W-9 to file fraudulent tax returns.

Some other phishing attacks that we’ve been seeing recently involve scams targeting PayPal users and those appearing to be from Apple Tech Support. These phishing emails revolve around your account being “hacked” or an “important” notice regarding your data. 

How to Recognize a Phishing Attack

While phishing can take the form of online advertisements or a phone call, they often take the form of emails. Remember that businesses should not ask for your password, login names, Social Security numbers, or other personal information by email.

If you’re not sure if an email is legitimate, there are several red flags to look out for:

Please Login or Register to read the full article

To access all of the content on our site, register (it's free!) or login to your existing account.

BONUS: If you register now you can opt to receive a digital copy of "Transform!" , Richard Francis' new book for growing firms [US/Canada ONLY].

About Todd O'Boyle

Todd O'Boyle

Todd O’Boyle is a co-founder and CTO at Strongarm, an Allied Minds company, and spent 15 years at The MITRE Corporation providing technical support to the Department of Defense and the intelligence community. 


Please login or register to join the discussion.

By isutton
Mar 16th 2017 21:02

This is a great read. Given recent events, cybersecurity is a hot button issue in contemporary society. As accountants, we frequently encounter individual's or business' sensitive information. Knowing how to keep that information from being reached by outsiders is paramount to forming a trusting relationship with clients. Everyone should be aware of the tactics and means by which people attempt to access information that they do not own. Thank you for the article, I learned a lot!
-Ian Sutton, May 2017
Tulane University

Thanks (2)
Mar 17th 2017 21:15

Ian, thanks for the kudos! We're continuing to talk to business owners and IT managers about non-technical and technical ways to protect your and your customers' information. Keep an eye out for more in the coming weeks!

Thanks (1)
Mar 21st 2017 04:03

Wow I will recommend it to students of Engineering Colleges in Kolkata. They should definitely have a look.

Thanks (1)