It’s tax time again, and you know what that means. Well, in this case, you may not. Because what we have here is a spam scheme targeted at CPAs.
Yep, this is a tricky one. It’s an official-looking email that claims to be from the AICPA (American Institute of CPAs)—the big professional organization for accountants—saying that the recipient has been accused of “income tax refund fraud.” The email goes on to inform the bewildered recipient that that his/her CPA status could be withdrawn if he/she doesn’t respond to the complaint by downloading and filing a report document within 21 days.
Of course, downloading this document will in all likelihood install some kind of malware to the recipient’s computer. And the other links in the email look fishy as well. What’s particularly scary here is that the scammers are not only using legitimate-looking branding to trick the recipient, but they are also using fear. We can imagine how this might be effective. If you're a CPA, you can't afford to have your license revoked, so you might be inclined to click whatever links you have to, even if you might otherwise think the email is suspect. So how do you defend against this sort of scam?
The answer in a situation like this is to contact the organization that has supposedly emailed you, probably by phone. In situations like this, that looks like calling the AICPA and making inquiries about the email. Organizations and businesses will usually not give you this kind of bad news over email, so they will probably be able to tell you pretty quickly whether the email in question is fraudulent. So whether you're a CPA who receives this email during the height of tax season, or you receive an email from "your bank" telling you that you've bounced a check, don't hesitate to call the supposed sender of the email to sort it out that way, thus avoiding the unpleasant consequences of clicking on bad links.