Connecticut CPA
January/February 2018
It's tax season, the busiest time of the year. You've been diligently focused on servicing clients, giving sage advice, and ensuring the timely preparation of tax returns for filing purposes. The mornings start early, the evenings end late, and your free time feels nonexistent.
During a quick lunch break, while eating at your desk, you click on a sports-related email link that purports to bring you to last night's scores and recaps. The link does not appear to be loading correctly and, after a couple of attempts, you're unable to get to the desired location.
You shake it off, finish up your sandwich, forget about your desire to catch up on highlights, and get back to work.
In reality, unbeknownst to you, that simple click has infected your computer with malware.
Phishing Attacks and Malware
The hacker who sent the email and link is now using the malware to follow and log your subsequent key strokes. He or she now has your user ID, password, other private information (perhaps a security question and answer), and everything needed to file fraudulent tax returns in your clients' names.
You are about to embark upon an ordeal that will wreak havoc on your firm and clients.
At the recent CTCPA Cyber Security Conference for CPAs, Whittlesey Technology Information Systems Auditor Mariya Kozlova and IT Security and Assurance Services Manager Jay Adams estimated that more than 80 percent of the accounting firm data breaches their company investigates start with a phishing attack. Phishing occurs when you appear to be receiving a legitimate communication, but, in reality, a hacker is looking to gain access to your system (often using manipulated links) for nefarious purposes like information mining.
Fraudsters Filing Your Clients' Tax Returns
Remember that sports-related email with the link to get access to scores and highlights? That short lunch break and mental reprieve? Well, one simple click has given a hacker the keys to your accounting kingdom. While it took time for the hacker to follow and log all of your key strokes, once obtained, he or she can access the necessary details to quickly file false tax returns, beating you and your clients to obtaining reimbursement from the government.
To make matters worse, there is no immediate warning that the link in the sports-related email has caused a breach. Instead, once your clients start to file their returns, they are met with communication from the IRS that they have already been filed.
Gone Phishing
With Tax Season Approaching, Hackers Are Getting Ready to Cast Wide Nets
By Ken Goldstein, Visiting Instructor of Business Law and Insurance, Barney School of Business, University of Hartford