This is a notice for site visitors.

Learn More
CAMICO Logo

This is a notice for site visitors

Learn More

The Latest

Be wary of requests made by email cyber-attacks

Email cyber-attacks

The email looks legitimate and trustworthy, and it appears to be from someone you know, such as a long-term client of the firm. The client requests a change in bank accounts and routing numbers to send a tax refund to the new account. Or the client requests a wire transfer of client funds to a new bank account.

What the recipient can’t tell is that the request is from a hacker who has commandeered both the client’s and the CPA’s email accounts. Messages going out and coming in are being controlled and manipulated on both ends – also known as a “man in the middle” attack.

Services that convert voicemail messages into email messages can also be used to help facilitate such attacks. A hacker might even take control of a tax software program, complete and file client tax returns, and redirect refunds to the hacker’s bank account.

Loss prevention tips

Avoid getting lulled into a sense of comfort with email and other communications. Be suspicious if asked to do anything out of the ordinary or routine. A fraudulent email request may resemble prior legitimate requests, but a new bank account receiving the funds is often a red flag, especially if the new account is in another country.

Phishing or social engineering schemes can be sophisticated and even employ high-grade counterfeit documents such as investment direction letters, checks, and insurance policies. Sometimes phone lines are set up to route calls to scammers posing as employees who vouch for the validity of counterfeit checks.

Verbally confirm with the client that they want to proceed in accordance with the directions in the email. This includes, but is not limited to, confirming the dollar amounts, the name of the financial institution, and the actual bank account number. Someone who knows the client’s voice can verify a request by calling the client.

Another way to verify requests is to confirm information that only the client would know and a hacker would not have access to. Consider confirming this information verbally with a phone call as well. Also, call senders to verify that unsolicited email attachments or links are legitimate before

you open or click them. Better safe than sorry!

Share this article

Sign up to receive our monthly newsletter

Sign Up
Facebook Twitter Youtube Linkedin

1800 Gateway Drive, Suite 200, San Mateo, California 94404
800.652.1772 / 650.378.6800 / inquiry@camico.com

CAMICO Services, Inc. dba CAMICO Insurance Services, CA License #0C09618. CAMICO Mutual Insurance Company, San Mateo, CA, domiciled in California is licensed in all states and the District of Columbia, NAIC #36340. Copyright © 2024 CAMICO. All rights reserved. Website design by StyleSite.

Privacy Policy
Terms & Conditions
Sitemap
California Residents: Opt-Out of Sale or Sharing