During tax season, the frequency of emails between accounting and consulting firms and their clients increases. Consequently, so does the number of phishing scams. Because so many of our clients share confidential and personal data with us and other key service providers, we want to share some key pointers for recognizing and handling suspicious emails.
phish·ing
the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Phishing comes in many forms. Most attempts are broad-based and automated, in order to reach a large number of individuals. The goals are to attain critical information, such as credit card data, usernames and passwords. However, spear phishing is designed to target specific individuals and companies to access confidential information. A special form of spear phishing is called a whaling attack. These cases typically target high ranking employees of a company. Their objective is to steal highly sensitive information about the company or its clients. Often, these attacks originate from a compromised email address of someone you know and trust or with whom you regularly do business with.
Spotting A Scam
Trust your instincts and stay alert. If it seems suspicious, look closely for key details such as the ones outlined below.
Tip 1
Validate the email address of the person the message is being sent from.
Tip 2
Phishing scams regularly contain misspelled words and/or improper grammar either in the subject line or body of the email. If the email comes from someone you normally do business with, does the tone of the email sound like them?
Tip 3
Review the signature. Lack of details, contact information or a formal signature block strongly suggests a phishing scam. Legitimate businesses always provide contact details.
Tip 4
Be knowledgeable about how your business associates send and receive confidential information. Do they use a secured system, such as Share Safe or Share File? Is the email you received asking you to provide information in a method not normally used for correspondence?
Tip 5
If asked to send financial information or other critical data you normally would not be asked for, contact the sender by phone to verify the request. By doing so, you alert them their email address may have been compromised and fallen prey to a phishing scam.
Tip 6
Consider taking steps so your employees quickly recognize emails received from outside your organization. One such step is to auto stamp incoming emails with a warning message to heighten team member awareness. For example:
Most importantly, trust your instincts! It is best to delete the suspicious emails and do not reply. Often time, these scams will continue or increase in number if the attacker is receiving feedback.
ATKG strongly desires for its clients, vendors, and other professionals to stay safe during tax season. If you have questions or receive questionable emails you are concerned about, contact your ATKG representative for guidance. We can be reached at 210.733.6611 or via email.