Why We Won’t Open Your Attachment or Click on Your Link

Dear Geoffrey,
I am attaching a PDF with my W2 information for my tax return.

Dear Sterck Kulik O’Neill,
Can you tell me how much it would cost for you to do my tax return. I am sending a PDF copy of last year’s return with this email.

Hey, Charles. I have uploaded my tax information to http://bit.ly/my2017taxinformation .

A few times a month we get messages inviting us to open an attachment to an email or to click on a link where we are supposed to get information a client (or prospective client) has sent us.

We don’t click to open or follow! Even when the messages come from an email address of a client we know.

Few of the messages we get out of the blue — from people we know and from people we don’t know — are legitimate! They are Spear Phishing attempts. Spear Phishing attackBad guys stuff malicious software in the PDF they are attaching in the hopes that our anti-virus software is weak or out of date. Or, they set up a web page that tries to download evil code to infect our computers, probably when we think we’re clicking to download the promised information.

They can address us by name by picking off our identities and email addresses off the Internet. They can pretend their clients of ours because they’ve broken into a client’s computer and are accessing their list of contacts.

These guys know their business and are hoping that someone will let their guard down for just a minute! And, the busy tax season time, CPAs are distracted. We are much more likely to CLICK without thinking.

But, so far, no one in our office has succumbed to the temptation to click. We keep telling ourselves that our clients know not to send sensitive information by email —  the data could be read and the ripped off by someone monitoring along the way. Moreover, we provide our clients with a secure portal to upload and download their information.

So, if you send us an email message that suggests we open an attachment or visit a link, we won’t click! (Really, we will try very hard not to click!)

Usually we don’t even respond to emails we think might possibly be from scammers. If the message is from a client, we may call and see if they really sent the message or suggest that their email has been hacked.

Of course, you should not email your social security number, private financial information, or even credit card numbers to anyone as a normal Word document, PDF, or plain text. It’s just too easy for a bad guy to monitor the Internet and help himself to your private info.

But, even if you’re willing to take the risk of identify theft by mailing your tax return to us, to your mortgage broker, or to your attorney, a smart person won’t open the document unless you’ve just talked to them and told them what is coming. (And, when you give your notification, they should tell you to use a secure transfer method!)

So, use our portal to send information or contact for other ways to get delicate data to us!

About Geoffrey

Geoff is the partner who leads Sterck Kulik O'Neill's administration and applied technology practices. He also works on tax, business development, and general accounting issues. He holds a Bachelor of Science degree in physics from Harvey Mudd College. Geoff's scientific methodology training aids him in helping clients use technology to meet their accounting and business development needs. He joined the firm in 1986.
This entry was posted in Frauds, Taxes and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *