It seems like I get an alert daily telling me about another scam that is trying to trick us into giving out our personal information or into downloading a virus or malware onto our computers. This past week I heard of two more scams that are targeted at small businesses. I am passing a few of these current scams on to you and am hopeful that you will pass them on to others to keep anyone else from becoming a victim of one of them.
QuickBooks Software Scam
Victims of this scam receive an email with the subject line “QuickBooks Support: Change Request.” The email says that they want to confirm that you have made a change to your business name. Of course, the issue is that you have not requested a change, but they provide a link that you can click on to cancel the request. Your first instinct may be to click on that link and cancel the request. Unfortunately, this is what will cause you trouble – this one click will allow malware into your device, giving scammers access to your information. This may allow them to acquire your passwords or your identification information, leading to identity theft.
With this scam, which is making its way across the nation for the second time, a scammer impersonating a corporate officer sends an email to the payroll department or HR department of your company. The email is requesting a list of employees, SSN’s or copies of W-2s. This W-2 scam first appeared last year. The scammers tricked payroll personnel into disclosing employee names, SSN’s and income information. With this information, the scammers were able to create income tax returns and fraudulently file for tax refunds. The email sent in this scam actually contained the name of the CEO and company name, so beware of this type of email and double check to make sure it is authentic.
This one is a new scam that I just heard about yesterday. An email is sent – supposedly from TurboTax – saying that you have a refund pending, but you have to submit a tax refund request and to click on the link for the refund. This exposes your personal information to the scammers and can lead to tax fraud or identity theft.
IRS Payment Scam
This scam is not a new one. I have received calls from clients for over a year regarding this scam. However, I still get calls so I wanted to remind you of it. In an email or phone call the scammer will tell you that he/she is with the IRS. They may even give you a badge number. They will say that you owe taxes and will demand payment immediately. They may request bank information or want to be paid with prepaid phone or money cards. Do not be intimidated by these messages. The IRS will not email and will not demand payment over the phone. The IRS always corresponds via mail.
These scammers are getting more sophisticated and creative every day. Be especially careful during the tax season as many of these scammers use the information they get from you to file returns and get hefty refunds. Here are a few tips to help spot phishing emails:
- Check the reply email address. Make sure it is on a company domain rather than a generic address.
- Consider how the organization/individual normally contacts you. For instance, the IRS does not use email. Do not reply to any email saying it is from the IRS.
- Read the message carefully. If the message does not sound like the person they claim to be, check with that person independently before clicking on any link or sending personal information with a reply. I have received several emails with the correct email address, but could tell it was not legitimate by the language used in the email.
- Check the destination of links before actually clicking on them. Hover over them to see where they lead. Be sure the link points to the correct domain for the company name, not a variation. Scammers are becoming more creative. For instance, using IRS.com rather than IRS.gov or a slight variation of a company name.
- Be very cautious of any email asking for your personal information or wanting you to click on a link. Be sure to have company procedures informing employees not to clink on links from unexpected sources and who to contact to verify an email if they are uncertain about it.
Hope these tips will help you to stop and think before you or your employees get caught up in a phishing scheme! Scammers are always coming up with new tricks, so stay on the look-out. You can never be too cautious…
A little more about us:
Located in West Des Moines, Iowa with a branch office in Winterset, Iowa, McGowen, Hurst, Clark & Smith, P.C. celebrates 65 years of extending excellent service to our clients, providing them with accounting, auditing, consulting and investment expertise.
Established in 1946, our staff has grown from 3 to 60 employees, making us large enough to provide our clients with a broad base of experience and resources, yet small enough to offer very personalized service—which we feel makes us stand apart from other CPA firms. In addition to the traditional services of Accounting, Tax Preparation, Audit and Business Consulting, MHC&S offers our clients specialized services including Estate Planning, Business Valuations, Cost Segregation Studies, Retirement Planning, QuickBooks Training, Financial Advisory Services, Fraud Detection and Deterrence, Business Succession Planning, Litigation Support and more.
MHC&S is a member of CPAmerica International, Inc., a national association of accounting firms offering membership to only 90 firms throughout the United States. This association offers a wide pool of additional technical expertise to the members firms, as well as continuing professional education necessary to maintain the degree of excellence which MHC&S feels is vital in today’s business environment.