Protecting your accounting firm from email fraud and compromise

There was a 150% year-on-year increase in Business Email Compromise (BEC) attacks from 2021 to 2022, according to a report by Abnormal Intelligence.

Business Email Compromise, or BEC attacks, are sophisticated scams that target businesses and individuals through social engineering or phishing emails. They can be extremely convincing, and in some cases the hackers have actually gained access to your email systems.

Read on to find out what accounting firms can enact as protective measures against BEC:

Turn on Multi-Factor Authentication

A simple way of increasing security for your email accounts is to turn on Multi-Factor Authentication. This requires an additional authentication method (aside from your username/email and password) before an account can be accessed.

Protect your domain names

A domain name is the text that comes after the @ symbol in an email address. For example, if your email is, your domain is

Your domain name identifies your business to other people on the Internet, and protecting it is key to making sure no malicious actors are able to use it to impersonate your business. If your domain name expires, it becomes available for anyone to buy and use for their own purposes. Hackers could use it to contact your clients while pretending to be your business.

Renew your domain names, even ones that you don’t use anymore. You don’t want your digital identity falling into the wrong hands.

Register additional domain names

In the same vein as protecting your domain names, registering additional domain names is a deterrent against email fraud. A common fraud method hackers use is to register a domain name that looks similar to a legitimate one.

Add another layer of security to your email systems by registering domain names that are similar to your official one.

Have email authentication measures in place

Setting up email authentication protocols on your email domain helps prevent email spoofing attacks. Email spoofing is when a malicious actor sends an email pretending to be from your email address, without needing to hack into your email account.

Email spoofing happens when a hacker alters the “From:” field of an email so that it shows a different address from the one the email was actually sent from.

Setting up email authentication protocols like Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) combats email spoofing. Your IT provider will provide advice on how to achieve this.
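As an added illustration (not code from Practice Protect), the Python sketch below audits the text of a domain's SPF and DMARC TXT records for settings that leave spoofing protection weak. The sample records and the example.com / example.net names are constructed placeholders, and the function names are hypothetical.

```python
# Added example: audit SPF and DMARC TXT records for weak settings.
# All records are constructed samples for the placeholder domain example.com.
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
WEAK_SPF = "v=spf1 include:_spf.example.net ?all"

def parse_dmarc(txt):
    # Split "tag=value; tag=value" pairs; the first tag must be v=DMARC1.
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt):
    tags = parse_dmarc(txt)
    if tags is None:
        return ["no valid DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: receivers are asked to take no action on failing mail")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    if tags.get("pct", "100") != "100":
        findings.append("pct below 100: policy covers only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports are received")
    return findings

def audit_spf(txt):
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["no valid SPF record"]
    findings = []
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not all_terms and not any(t.startswith("redirect=") for t in terms):
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    for t in all_terms:
        if t in ("all", "+all"):
            findings.append("+all: any server may send as this domain")
        elif t == "?all":
            findings.append("?all: unlisted senders are treated as neutral")
    return findings
```

An empty list means none of these weak settings were found; it does not replace the review your IT provider carries out.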

Be aware of what information you share online

In an online world, finding information to leverage in an attempt to compromise an email system is becoming increasingly easy to do.

We recommend that accounting team members be careful of any information they post online that identifies:

  • where they work
  • what their position is
  • their work email address
  • their personal email address

Have policies and procedures in place

Implementing policies and procedures that your team members follow whenever a payment request comes in is a good preventative measure against email fraud.

If a team member receives an email from a client, a colleague or the firm’s CEO, or a third party, with an unexpected request, they should first find out if the email is a legitimate one before actioning the request.

For example, we recommend the following:

  • Have an approval process for requests like a fund transfer
  • Verify requests like these by calling the sender via a phone number they have used before
  • Make sure team members know how to verify account details

Team training and awareness

Your team members are the last line of defence against sophisticated attacks like BEC and email fraud. Ensuring your team are educated and aware of BEC and the tactics hackers use to infiltrate email systems goes a long way towards securing your firm.

Remind staff to be wary of the following:

  • requests for money, especially if urgent or overdue
  • bank account changes
  • attachments, especially from unknown or suspicious email addresses
  • requests to check or confirm login details
  • suspicious links

Practice Protect is the world’s #1 cybersecurity platform for accountants. Spanning from technology and application access to compliance and people, Practice Protect is an all-in-one platform for the modern accounting firm.


This post was written by Practice Protect