A new email is circulating that’s requesting a “validation” of your login credentials to “add new security measures.”
It’s designed to look like a valid email from your tax and accounting software provider, and contains language about valid security updates implemented over the last year. This phishing email is another example of bad actors using social engineering* tactics to trick staff into clicking fraudulent links and providing login credentials to access sensitive client and firm data.
If you receive an email like this, do not click the link in the email. One way to verify whether an email is valid is to carefully check the sender’s address and the text of the email for grammatical or other errors. If you’re unsure whether an email is from us (or another software provider), use your normal method to navigate to our website, or contact us.
Any practitioner who may have already opened this type of email and clicked any links within it should immediately contact their information security team or professional security provider. If your firm has been affected, your security team may advise that all staff change passwords to their tax and accounting software.
Practitioners can also refer to IRS Publication 4557, Safeguarding Taxpayer Data, and view any of our resources for more information and guidance:
- Visit our Customer Security page
- Review our Protecting your firm and clients against phishing scams help topic on our Help & How-To Center
- Read Jon Baron’s blog article, Your Firm’s Been Hacked: Here’s What to Do Immediately
*Social engineering is the key component of spear-phishing. Spear-phishing works by bad actors first finding entities, such as accounting firms, law firms, and corporations, on public websites and gleaning common information (such as names and contact information) from those websites and other online properties, such as social networks (like LinkedIn and Facebook). Next, the bad actors gather publicly available outside information, such as the product names, logos, and URLs of companies that serve those entities. This information allows their follow-up communications, typically email, to appear to come from a legitimate source. Potential victims need to be wary of such attempts and ensure that any communications are, in fact, valid.