The Latest Scams Accounting Firms Should Watch Out for in the US and How to Protect Themselves

As technology advances, so do the tactics of the cybercriminals who target businesses, and accounting firms in particular. Keeping up with the latest scams is therefore essential. 

Because they hold sensitive financial data for many clients at once, accounting firms are prime targets for scammers and hackers. This article explores the latest scams affecting the accounting profession and provides practical tips to safeguard your firm from these growing threats. 

 

The Most Common Scams Targeting Accounting Firms 

Although the same scams seem to top the list every year, they keep changing and evolving, especially as technology improves, and they become harder to spot without specific training. 

1. Phishing Attacks

Phishing remains one of the most prevalent threats. Scammers pose as trusted entities—banks, tax authorities, or even clients—tricking accountants into revealing sensitive information like login credentials or financial data. These attacks often occur via email but can also happen through phone calls or text messages. 

Phishing has evolved rapidly with the advent of AI. Tools now available let criminals impersonate people far more convincingly than before, including "deepfakes": from a few still photos, or around 20 seconds of video and audio, they can clone a person's face and voice well enough to pass on a video call or voicemail. What this technology makes possible in 2024 is both impressive and alarming. 

2. Business Email Compromise (BEC)

In Business Email Compromise, scammers hijack or spoof email accounts, often pretending to be a senior executive or an important client. BEC is a specialised form of phishing: it uses many of the same techniques, but instead of impersonating an institution such as a bank, the attacker impersonates a specific person you know and trust.  

This type of attack is all about money. The criminal typically sends a fraudulent payment request in the hope that the firm will wire funds to an account the attacker controls. Because the email appears to come from someone the staff member knows, and is often sent from a genuinely compromised mailbox, it can be very difficult to detect.

3. Fake Tax Preparation Services

Specific to accounting firms and the tax industry, some scammers set up fake tax preparation websites offering to file taxes on behalf of clients or firms. These fraudulent services harvest personal and financial information, which they later use for identity theft or sell on the dark web. 

Such sites can also harm a legitimate firm directly: scammers may impersonate your firm by name and branding, trading on the trust and reputation you have worked hard to build.

4. Ransomware Attacks

Ransomware is a growing problem for accounting firms and is one of the fastest-growing categories of cyberattack in the US. In this attack, a criminal infects the firm's systems with malicious software that encrypts critical files, making them inaccessible, and then demands a ransom, usually in cryptocurrency, to restore access. Without tested offline backups, refusing to pay can mean the permanent loss of client and firm data. Paying is no guarantee either: in some cases the criminal still refuses to decrypt the files, demands more money, or has already copied the data before encrypting it and threatens to publish it.  

5. Fake Invoices or Payment Redirection

Another common scam is invoice fraud, which is often delivered through BEC or phishing. Scammers send fake invoices that appear to come from legitimate vendors or clients. In some cases, fraudsters compromise a vendor's or client's email account, intercept genuine invoices, and alter the payment details so that funds are diverted to an account they control. 

Accounting firms, which handle a large volume of transactions and invoices every day, are particularly exposed to this.  
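To make the BEC and payment-redirection indicators above concrete, here is an added triage script (not code from the original article or from Practice Protect) that checks an inbound message for the tell-tale signs: a known colleague's display name on a foreign address, a Reply-To pointing somewhere else, a lookalike domain, SPF/DKIM/DMARC failures stamped by your own mail gateway, and bank-detail-change language in the body. The firm domain, the executive name, the vendor domain and the three messages are all constructed for the example; plug in your own directory data in practice.

```python
"""Triage an inbound email for BEC / payment-redirection indicators.

Added example, not part of the original page. Domains, names and the
sample messages below are constructed for illustration only.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed assumptions: the firm's own domain, the people most worth
# impersonating (display name -> their real address) and approved vendors.
FIRM_DOMAIN = "example-cpa.com"
KNOWN_SENDERS = {"jane doe": "jane@example-cpa.com"}
TRUSTED_VENDORS = {"vendor.example"}
PAYMENT_PHRASES = ("new bank", "updated wire", "routing number",
                   "change our account", "remit to")


def _domain(addr: str) -> str:
    """Return the lowercase domain part of an address ('' if none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; small values between domains suggest a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, trusted: set) -> bool:
    """True when domain is within two edits of a trusted domain but not equal to it."""
    return any(domain != t and _edit_distance(domain, t) <= 2 for t in trusted)


def triage(raw_message: str) -> list:
    """Return the list of BEC indicators found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    auth = str(msg.get("Authentication-Results", "")).lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    from_dom = _domain(addr)
    findings = []

    # 1. A colleague's display name on an address that is not theirs.
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("display-name impersonation")
    # 2. Replies are silently routed to a different domain.
    if reply_addr and _domain(reply_addr) != from_dom:
        findings.append("reply-to mismatch")
    # 3. Sender domain is a near-miss of the firm or an approved vendor.
    if is_lookalike(from_dom, {FIRM_DOMAIN} | TRUSTED_VENDORS):
        findings.append("lookalike domain")
    # 4. Authentication failures recorded by our own gateway.
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(fail|softfail|permerror)", auth):
            findings.append(f"{mech} failure")
    # 5. Language typical of a payment-redirection request.
    if any(phrase in text for phrase in PAYMENT_PHRASES):
        findings.append("payment-change language")
    return findings


# Constructed sample messages (not real traffic).
SPOOFED = """From: Jane Doe <jane.doe@exarnple-cpa.com>
Reply-To: jane.doe@webmail.example
Authentication-Results: mx.example-cpa.com; spf=fail smtp.mailfrom=exarnple-cpa.com; dmarc=fail header.from=exarnple-cpa.com
Subject: Urgent wire today
Content-Type: text/plain

Please remit to our new bank account today. Routing number attached.
"""

LEGIT = """From: Jane Doe <jane@example-cpa.com>
Authentication-Results: mx.example-cpa.com; spf=pass smtp.mailfrom=example-cpa.com; dkim=pass header.d=example-cpa.com; dmarc=pass header.from=example-cpa.com
Subject: Q3 close
Content-Type: text/plain

Reminder that the Q3 close checklist is due Friday.
"""

# A genuine, fully authenticated vendor mailbox that has been taken over:
# only the content gives it away, so this must still go to callback verification.
VENDOR_TAKEOVER = """From: Billing <billing@vendor.example>
Authentication-Results: mx.example-cpa.com; spf=pass smtp.mailfrom=vendor.example; dkim=pass header.d=vendor.example; dmarc=pass header.from=vendor.example
Subject: Invoice 1042 - updated remittance details
Content-Type: text/plain

Our routing number has changed; please use the attached details for invoice 1042.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("vendor", VENDOR_TAKEOVER)):
        print(label, triage(raw))
```

Two caveats matter when using this for real. The Authentication-Results header is only trustworthy if your own gateway stamped it and strips any copies that arrived from outside; otherwise an attacker simply adds a passing one. And the third sample shows why header checks are never sufficient on their own: mail from a genuinely compromised vendor mailbox passes SPF, DKIM and DMARC, so any change to bank details must be confirmed by phone to a number you already hold, regardless of what the scanner says.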

 

How Accounting Firms Can Protect Themselves 

While it may feel as though criminals are lurking around every corner, there are many straightforward steps you can take to protect your clients and your firm from cyberattacks.  

1. Implement Strong Email Security Protocols

One of the most effective ways to combat phishing and BEC scams is to secure the email system itself. Require multi-factor authentication (MFA) on every email account, preferring phishing-resistant methods such as hardware security keys or passkeys over SMS codes, which attackers can intercept or trick users into relaying. Publish SPF, DKIM and DMARC records for your domain so that mail spoofing your firm is rejected by recipients, and train employees to recognise suspicious messages. Email encryption can also prevent unauthorised access to sensitive communications in transit. 

Here at Practice Protect we mandate MFA on all applicable applications, because that second layer of protection keeps out less sophisticated and opportunistic criminals. It is important to deter as many would-be attackers as possible and make your firm look like an unattractive target.

2. Conduct Regular Cybersecurity Training

All staff should undergo regular cybersecurity training to stay aware of the latest threats. Training should include how to recognize phishing attempts, handle suspicious links or attachments, and the importance of reporting any unusual activity. 

In many cases this is not optional: cyber-insurance policies commonly require it, and the FTC Safeguards Rule requires security awareness training for the personnel of covered financial institutions, which include tax preparers and accounting firms that handle customer financial information. 

3. Use Up-to-Date Security Software

Keep the firm's software up to date through automated patching of operating systems, browsers and applications, and run a modern endpoint protection product (often marketed as AI-based anti-virus, and better still an endpoint detection and response tool that can alert on ransomware behaviour). Security patches should be applied as soon as they are released, since attackers routinely exploit known vulnerabilities within days of disclosure. 

Prompt patching does not make a firm immune, but it closes the vulnerabilities that automated attacks rely on most and removes the easiest way in. 

4. Verify Payment Requests

For BEC and invoice scams, always verify payment requests, especially for large sums or any change to a vendor's bank details. Implement a multi-step verification process, such as confirming the request by phone on a number you already hold on file, never one supplied in the email or invoice itself, and requiring a second person to approve any change to payment details. 

5. Use Secure File-Sharing Methods

Never send sensitive information, such as tax forms or financial reports, by email unless it is encrypted. Use a secure file-sharing platform designed for confidential information instead. Where you must password-protect a document, send the password through a separate channel (for example by text message or phone) so that someone who intercepts the email does not also get the key. 

6. Review Vendors and Clients Thoroughly

Be cautious when engaging with new vendors or clients, especially if they request sensitive information upfront. Perform thorough background checks and verify the legitimacy of any service provider you plan to use, especially those offering online tax or accounting services. 

7. Establish a Response Plan for Data Breaches

Even with the best precautions, breaches can happen. Having a written response plan ensures that your firm can act quickly to limit the damage. The plan should cover the immediate steps for isolating compromised systems and revoking exposed credentials, preserving logs and evidence, notifying affected clients, and reporting the breach to the relevant authorities and your insurer. 

This is more than good practice: the FTC Safeguards Rule requires covered firms to have a written incident response plan (firms holding information on fewer than 5,000 consumers are exempt from some of the written-plan requirements, but not from the duty to notify the FTC of qualifying breaches affecting 500 or more consumers), and it is something every firm should have in place sooner rather than later.  

 

The accounting industry is a valuable target for cybercriminals, but with the right security measures, firms can reduce their vulnerability. By staying informed about the latest scams and implementing robust cybersecurity practices, accounting firms can better protect themselves and their clients from potential threats. 

Not sure where to start with your cybersecurity? Book time to chat with one of our Cyber Security Consultants today.