![\"\"](\"\/\/www.g005e.com\/wp-content\/uploads\/2023\/06\/cybersecurity_adobestock_527970463-424x283.jpeg\")
<\/p>\nthieves always build a better mousetrap, so stay vigilant.<\/b><\/p>\n
<\/p>\n
by donny shimamoto, cpa, citp, cgma<\/em> in 2018, fraudsters posed as tax authorities and state accounting and tax professional associations. these were simple phishing attacks trying to get tax practitioners\u2019 email usernames and passwords, allowing fraudsters to obtain client contact information and perform email-based password resets for other systems.<\/p>\n more:\u00a0 <\/strong>future firm growth requires a mindshift<\/a>\u00a0|\u00a0ai, ocr, nlp & cpas: oh my!<\/a> \u00a0\u00a0| \u00a0accounting nerds, unlock your super powers<\/a> \u00a0| early adopters gain an edge in audit<\/a> | dustin wheeler: for serious cas success, hire tech teams<\/a> | csr for cpas: the missing ingredient<\/a> | donny shimamoto explains how ‘agile’ applies to cpa firms<\/a> |\u00a0 staff retention for remote workers<\/a> | why the future is in risk advisory<\/a> | \u00a0ready for non-cpa “cpa” firms?<\/a> the irs reported seeing threats specifically targeting preparers in illinois, iowa, new jersey and north carolina. additionally, the irs received reports tied to a canadian accounting association.[i]<\/a><\/p>\n <\/p>\n sadly, this means tax practitioners need to be extra vigilant about being targeted by phishing attacks. if fraudsters obtain client contact information, they can also use that to do “spearphishing\u201d attacks, where they pose as you (a trusted person) telling your client that you need banking or other information from them. if your email username and password are compromised, they can monitor your inbox to see if a client responds and reply to them as if it came from you. they can also delete the client email and response they send from your inbox and sent items, respectively, so you never know it even happened.<\/p>\n in 2019, the irs saw fraudsters go back to attacking taxpayers directly\u2014this time impersonating the irs itself. email subject lines like \u201cautomatic income tax reminder\u201d or \u201celectronic tax return reminder\u201d had links that took people to an irs.gov-like website with details pretending to be about the taxpayer\u2019s refund, electronic tax return or tax account. the emails contained a temporary password or one-time password to access the files to submit the refund request. these files were trojans that, when opened, installed malware onto the person\u2019s computer.[ii]<\/a><\/p>\n the scary thing about this type of attack is that malware like this can go undetected on a computer for a long time\u2026sometimes even years. we see thieves sit and wait and gather information over time\u2014passwords, account numbers, contact lists\u2014things that could be used to create more attacks later. some will also wait to see if a person connects to a corporate network via vpn or by going into the office. once they see that they\u2019re in a network, they try to go into the servers there and spread further\u2014to other users or to other servers\u2014even eventually potentially getting admin access to the entire network, giving them access to a lot<\/em> more data.<\/p>\n over the course of the covid-19 pandemic, with everyone working from home and wanting to get their stimulus monies, there was a spike in phishing attacks posed as providing taxpayers with information about their eligibility for or payment status of stimulus funds.<\/p>\n ransomware attacks ran rampant during the pandemic as well. there were 1,251 ransomware-related incidents in 2021, up from 602 in 2020.[iii]<\/a>\u00a0 the cost of these incidences also escalated. the cost of incidences in 2021 was $1.2 billion, almost triple the $416 million cost in 2020.<\/p>\n consider what would happen if you were hit by ransomware right before a tax deadline. do you know which clients you would need to extend (assuming that was an option)? do you have the contact information for clients available offline so that you can contact them to let them know what is happening?\u00a0further, the ftc safeguards<\/a> went into place on june 6. are you at least in compliance?<\/p>\n hackers are consistently evolving. as prime targets of cyber attacks, accounting professionals should always make cybersecurity a top priority.<\/p>\n <\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" why the ftc now requires your firm to comply with new safeguards<\/strong>
\non cybersecurity for accountants<\/em><\/a><\/p>\n
\n![\"goprocpa.com\"](\"https:\/\/cpatwpe.s3.amazonaws.com\/cpatrendlines\/wp-content\/uploads\/2016\/08\/yellow_key_clip_art-e1375897299811-36p-hi-1-e1603911598474.jpg\")
\u00a0exclusively for pro members.\u00a0log in here<\/a>\u00a0or\u00a02022世界杯足球排名 today<\/a>.<\/span><\/p><\/blockquote>\n[i]<\/a> ir-2018-125, may 14, 2018 |\u00a0[ii]<\/a> ir-2019-145, august 22, 2019 |\u00a0[iii]<\/a> https:\/\/www.accountingtoday.com\/news\/ransomware-attacks-doubled-from-2020-to-2021-especially-from-russia<\/a>, <\/u>nov 2022<\/span><\/h6>\n
\n![\"\"](\"\/\/www.g005e.com\/wp-content\/uploads\/2023\/07\/screenshot-2023-07-17-at-12.07.24-am.png\")
<\/a>
\nby donny shimamoto
\non cyber-security for accountants<\/em><\/a> <\/em><\/p>\n","protected":false},"author":1382,"featured_media":112793,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","footnotes":""},"categories":[3184,1908,3120,3002,1906,2246,2306],"tags":[3652],"class_list":["post-112792","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-advisory","category-management","category-pro-member-exclusive","category-special","category-tax-practice","category-busy-season","category-tech-and-fintech","tag-cybersecurity"],"acf":[],"yoast_head":"\n