- Make sure your customers know how to recognize and avoid a scam. With the level of complexity rising in phishing schemes, it is vital to remind your clients of what red flags to look for. For example, remind your clients of the following when it comes to email phishing schemes:
- Criminals may pose as a person or organization that they are familiar with.
- A “phisher” may hack an email account of somebody they know and send mass emails under that person’s name.
- Data filches may pose as financial organizations, credit card companies, the IRS or other government agencies, or even tax companies.
- Several of the emails used in phishing scams look very real, so clients should be advised to double check whether sending addresses match the “from” name in emails, and whether the sender’s email address matches the domain or institute that the email purports to be from.
- “Too good to be true” and crucial offers are often used, so being cautious and wary of any email containing these kinds of messages is key.
Because phishing schemes can take on so many forms, it is also significant to let your clients know how your firm will be communicating with them and how you will be asking them to provide you with the information you need to prepare their returns. Don’t limit your interaction only to individual clients; consider, businesses are also targeting of phishing schemes and likely to be very receptive to any support you can give them to help mitigate their cybersecurity risks.
- Allow clients know how you are serving to protect their sensitive information. Your clients may be quite nervous about the potential for phishing scams, particularly at this time of year when the media is full of stories about data breaches and identity theft. This is a great time to remind your clients of how your firm is not only helping to keep their data safe and secure, but also committed to protecting clients’ sensitive information during tax season and beyond.In calculation to explaining how you store, secure and exchange tax documentation, make sure that your clients know the information security protocols that you use internally with your employees, and within your workflow, to give them peace of mind and instill further confidence in your firm.
- Deliver your clients with easy, do-it-yourself safeguards. There’s no doubt that your clients will look to your firm to take the lead when it comes to helping them protect the data used to file their tax returns. However, your clients should also know that they have a accountability to do their part in keeping scammers at bay. Here are some easy protections you can educate your clients about that they can proactively implement to reduce the chance of being a phishing victim:Evading the use of email to transmit profound information and, instead, using the secure tools provided by your firm, such as client portals, collaborative article sharing platforms and cloud-based data storage.
- Deleting suspicious emails.
- Not ticking on email links or opening attachments if something seems “phishy,” or otherwise unsafe.
Altering their email and computer passwords often, and not sharing them with others.
Tax season scams are unfortunate, but they also present an opportunity for your firm to further its position as your clients’ trusted advisor by proactively helping them to avoid taking the bait when threatened with phishing scams and reinforcing your firm’s dedication to information security.