Guest bloggers from the law firm Goldberg Segala posted the following which we thought is timely and pertinent:
Businesses are increasingly becoming the targets of sophisticated cyber-attacks, and professionals are no exception. When cyber-criminals breach a professional service firm, they not only may gain access to the firm’s corporate data, but also confidential information from the firm’s clients. Therefore, it is incumbent on all professionals to make data security a priority.
In order to combat this threat, the IRS recently issued a warning to accountants and tax preparers about a new phishing scam intended to access professional and client information. The phishing scam involves two phases. First, an email is sent to the accountant purporting to be on behalf of a client requesting tax services. If the accountant responds to the email, a second email will be sent with an embedded web address or attachment supposedly containing the prospective client’s tax information. However, clicking on the link will result in exposure of the accountant’s email address, password, and other private information. The IRS further cautioned that these emails may appear to come from legitimate sources that have themselves been compromised, such as public companies or from the accountant’s email contacts.
The IRS has issued guidelines intended to protect accounts and their clients from malicious cyber-attacks, which include requiring login passwords when using tax-related software and multifactor authentication when accessing client accounts. In addition, accountants are cautioned to consult with technological security advisers for regular guidance on data security practices. Regardless of the security measures taken, however, accountants and other professionals must remain vigilant for potential attacks. If an email looks suspicious, or includes a link that the professional is not expecting, the professional should avoid opening the attachment and further investigate its source. Professionals who fail to make data security a priority, could not only compromise their clients’ data, but also their professional reputation.
March 8, 2017
Regrettably we have see the number of these social engineering claims increase (two so far in the first week of March 2017) and we are glad to report that CPAGold has responded to these claims. We have covered this topic extensively in prior posts and offered risk management suggestions. The simplest is that if you receive a request from a client requesting services, make a call to the client BEFORE you do anything or click on any links. This should be standard operating procedures and take a few seconds. This may avoid an expensive and time consuming claim.