Be wary of requests made by email cyber-attacks

Email cyber-attacks

The email looks legitimate and trustworthy, and it appears to be from someone you know, such as a long-term client of the firm. The client requests a change in bank accounts and routing numbers to send a tax refund to the new account. Or the client requests a wire transfer of client funds to a new bank account.

What the recipient can’t tell is that the request is from a hacker who has commandeered both the client’s and the CPA’s email accounts. Messages going out and coming in are being controlled and manipulated on both ends – also known as a "man in the middle" attack.

Services that convert voicemail messages into email messages can also be used to facilitate such attacks. A hacker might even take control of a tax software program, complete and file client tax returns, and redirect refunds to the hacker’s bank account.

Loss prevention tips

Avoid getting lulled into a sense of comfort with email and other communications. Be suspicious if asked to do anything out of the ordinary or outside the normal routine. A fraudulent email request may resemble prior legitimate requests, but a new bank account receiving the funds is often a red flag, especially if the new account is in another country.

Phishing or social engineering schemes can be sophisticated and even employ high-grade counterfeit documents such as investment direction letters, checks, and insurance policies. Sometimes phone lines are set up to route calls to scammers posing as employees who vouch for the validity of counterfeit checks.

Verbally confirm with the client that they want to proceed in accordance with the directions in the email. This includes, but is not limited to, confirming the dollar amounts, the name of the financial institution, and the actual bank account number. Someone who knows the client’s voice can verify a request by calling the client.

Another way to verify requests is to confirm information that only the client would know and a hacker would not have access to. Consider confirming this information verbally with a phone call as well. Also, call senders to verify that unsolicited email attachments or links are legitimate before you open or click them. Better safe than sorry!



Comments (1)

  • anon

    I find your emails useful & helpful. It helps me in discussing what I can do and not do with my clients, their responsibilities, and mine. I have decided to talk to you regarding insurance, which I have not previously had. Especially with scammers, hackers, and fraudulent everything, I think I need insurance and advice.

    Nov 09, 2017
