Businesses are increasingly becoming the targets of sophisticated cyber-attacks, and professionals are no exception. When cyber-criminals breach a professional service firm, they not only may gain access to the firm’s corporate data, but also confidential information from the firm’s clients. Therefore, it is incumbent on all professionals to make data security a priority.
In order to combat this threat, the IRS recently issued a warning to accountants and tax preparers about a new phishing scam intended to access professional and client information. The phishing scam involves two phases. First, an email is sent to the accountant purporting to be on behalf of a client requesting tax services. If the accountant responds to the email, a second email will be sent with an embedded web address or attachment supposedly containing the prospective client’s tax information. However, clicking on the link will result in exposure of the accountant’s email address, password, and other private information. The IRS further cautioned that these emails may appear to come from legitimate sources that have themselves been compromised, such as public companies or from the accountant’s email contacts.
The IRS has issued guidelines intended to protect accounts and their clients from malicious cyber-attacks, which include requiring login passwords when using tax-related software and multifactor authentication when accessing client accounts. In addition, accountants are cautioned to consult with technological security advisers for regular guidance on data security practices. Regardless of the security measures taken, however, accountants and other professionals must remain vigilant for potential attacks. If an email looks suspicious, or includes a link that the professional is not expecting, the professional should avoid opening the attachment and further investigate its source. Professionals who fail to make data security a priority, could not only compromise their clients’ data, but also their professional reputation.