Spear phishing is an email targeted towards a specific individual, organization, or business. The intent of these emails is to steal data for a malicious purpose. The information they are after can be many things such as: bank accounts, credit cards, social security numbers, EIN, or other sensitive information. Accountants are often the target of these types of attacks because of the volume of data they often are responsible for. On February 16, 2022 The IRS released a statement warning tax professionals of new email scams attempting to steal information.
The latest phishing email uses the IRS logo and a variety of subject lines such as “Action Required: Your account has now been put on hold” The IRS has observed similar malicious emails that claim to be from a “tax preparation application provider”. One variation offers an “unusual activity report”
These scams evolve rapidly, and firms should be diligent at protecting themselves from these types of attacks. What can you do to protect yourself? Plus 1 Technology believes in a multiple prong approach at protecting firms from these types of attacks. The first method for protection is an email protection suite such as Barracuda’s protection software. This tool helps users identify phishing emails, first time senders, spoofed emails, and email with malicious content or links. This protection suite also scans every link to ensure it will not take the user to a dangerous website. The second protection is to provide your employees with training to help them identify these types of emails and how to “think before you click” and using the SLAM method to identify emails. The last protection we put in place is ensuring companies have proper policies for processes such as bank wires, providing credit card numbers, and policies around the security of client data.
These spear phishing attacks are becoming more targeted to tax professionals and their success could cause irreputable harm to your business. Every firm should be on the look out for these attacks and putting the proper protections in place to protect their data and their client’s data.