{"id":4745,"date":"2025-06-23T12:37:13","date_gmt":"2025-06-23T19:37:13","guid":{"rendered":"https:\/\/www.bullivant.com\/?p=4745"},"modified":"2025-06-23T12:37:13","modified_gmt":"2025-06-23T19:37:13","slug":"dingler-discusses-tech-scam-risk-management","status":"publish","type":"post","link":"https:\/\/studioactiv8.com\/bullivant\/dingler-discusses-tech-scam-risk-management\/","title":{"rendered":"Dingler Discusses Tech Scam Risk Management"},"content":{"rendered":"<div class=\"wpb-content-wrapper\">[vc_row][vc_column][vc_column_text css=&#8221;&#8221;]Wilhelm Dingler penned this advisory in the Pennsylvania CPA Journal, Summer 2025 issue highlighting trends in IRS scams, phishing attempts, hacks, and social media risks. Dingler shares risk management strategies and signs professionals can look out for with tech scams. To download the article, <a href=\"https:\/\/studioactiv8.com\/bullivant\/wp-content\/uploads\/2025\/06\/Liability-Lessons_Summer-2025.pdf\">click here<\/a>. For the full text, read on:<\/p>\n<h4><em>Tech Scam Risk Management<\/em><\/h4>\n<p><em>by Wilhelm Dingler<\/em><\/p>\n<p>New work-from-home paradigms, the proliferation of mobile technology, and electronic documentation for everything have all created challenges for the accounting profession. A very important aspect of these challenges is keeping a sharp eye out for those who would leverage that technology for nefarious purposes.<\/p>\n<p>Instances of phishing, social media scams, and other unsavory activities are proliferating. This article explores some of the challenges faced by accountants and some risk-management suggestions as to how to deal with them.<\/p>\n<h4>IRS Scams<\/h4>\n<p>Phishing, the practice of sending fraudulent communications that appear legitimate, often comes through email and text messaging. The IRS has been warning about these scams, and regularly publishes information about tax scams, identity theft, and the like. The IRS also publishes an annual \u201cDirty Dozen\u201d tax scams. The IRS makes it clear in many of its resources that the IRS does not initiate contact with taxpayers via email, text message, or social media channels; the agency does not call to demand immediate payment and will always \ufb01rst send a written notice and bill; the IRS does not solicit debit or credit card information over the phone; and the IRS does not demand payment via wire transfer, gift card, or other such payment method.<\/p>\n<p><em>Practice Tip:<\/em> Always verify the source of any request to take action that comes via email, text message, or social media referral. There was a time when commerce was conducted via paper, and it was a common theme then to \u201cknow your endorser.\u201d The spirit of that warning is equally valid in the electronic age. Be sure you (or your client) are, in fact, communicating with the IRS.<\/p>\n<h4>Phishing, Smishing, Spear Phishing<\/h4>\n<p>Phishing is a dangerous and an increasingly common type of cyberattack. The goal is to steal money, gain access to sensitive data and login information, or to install malware on the victim\u2019s device. Smishing is the same as phishing, but the scammer utilizes SMS\/text messages.<\/p>\n<p>There are instances when e-scammers highjack an accountant\u2019s database, emails, etc., and there are occasions when they highjack a client\u2019s email. Let\u2019s say you receive an email from a client asking you to transfer money to someone. If you seek con\ufb01rmation from the client via email and the e-scammer has compromised the client\u2019s email, you will receive a response from the thieves, not your client.<\/p>\n<p><em>Practice Tip:<\/em> Pick up the phone and call the client to con\ufb01rm the ACH trans-fer request. Also be sure to modify your practices and amend your engagement letter to specify the need for client requests for transfers to be in writing and veri\ufb01ed by you via telephone, a Teams or Zoom meeting, or other appropriate method to con\ufb01rm the identity of the requestor.<\/p>\n<p>This will help ensure that any client\u2019s direction is, in fact, his or her wish. It may behoove you to include a provision in your engagement letter that the client must notify you within 48 hours of any cyber- attack they encounter so you can ensure your systems have not been compromised.<\/p>\n<h4>Hacks and Malware<\/h4>\n<p>Sometimes spear phishing emails impersonate a client to gain access to your systems. Other times, scammers use embedded code in an email to launch a trojan horse so that they \u201cbecome\u201d a new client with access to your secure site. Once access is gained, they will look for ways to compromise various credentials, including your tax prep software information as well as tax preparer identities.<\/p>\n<p><em>Practice Tip:<\/em> You may have noticed in some emails: \u201cCaution: This email originated from outside of the \ufb01rm. Do not click links or open attachments unless you recognize the sender and know the content is safe.\u201d Heed this warning! Some-times something as simple as a two-point identi\ufb01cation (where two di\ufb00erent people con\ufb01rm a request and its legitimacy) will thwart such endeavors.<\/p>\n<h4>Social Media<\/h4>\n<p>Many e-scammers use social media to generate false \u201cadvice\u201d for tax savings. Some may claim an avenue to take advantage of a special program, such as the Employee Retention Credit, and then lead viewers to consult with their \u201chighly successful professionals.\u201d<\/p>\n<p><em>Practice Tip<\/em>: Your clients may press you to consider such social media come-ons. Remind them that such actions might result in a negative audit, \ufb01nes, and criminal charges from taxing authorities.<\/p>\n<p>One may think the above recommendations are cumbersome, but are they more cumbersome than putting your insurance carrier on notice that your client su\ufb00ered a signi\ufb01cant loss related to an email scam in which you were a duped? The \u201ccumbersome\u201d actions of trust but verify is far preferable to having to defend one\u2019s actions before a judge and jury.<\/p>\n<p>&nbsp;<\/p>\n<p><em><a href=\"https:\/\/studioactiv8.com\/bullivant\/team\/wilhelm-dingler\/\">Wilhelm Dingler<\/a> has devoted his practice of over 30 years on defending professionals, especially CPAs, in complex matters of professional liability. For more information on the advice discussed in this article, feel free to reach out to him at 206.521.6409 or <a href=\"mailto:Wilhelm.dingler@bullivant.com\">wilhelm.dingler@bullivant.com<\/a>.<\/em><\/p>\n<hr \/>\n<p>This post originally appeared as a column in the Summer 2025 issue of the Pennsylvania CPA Journal. To view all the articles in the Summer 2025 Pennsylvania CPA Journal, visit <a href=\"https:\/\/www.picpa.org\/keep-informed\/pennsylvania-cpa-journal\">https:\/\/www.picpa.org\/keep-informed\/pennsylvania-cpa-journal<\/a>.[\/vc_column_text][\/vc_column][\/vc_row]\n<\/div>","protected":false},"excerpt":{"rendered":"<p>[vc_row][vc_column][vc_column_text css=&#8221;&#8221;]Wilhelm Dingler penned this advisory in the Pennsylvania CPA Journal, Summer 2025 issue highlighting trends in IRS scams, phishing attempts, hacks, and social media risks. Dingler shares risk management strategies and signs professionals can look out for with tech scams. To download the article, click here. For the full text, read on: Tech Scam&hellip;<\/p>\n","protected":false},"author":32,"featured_media":829,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","footnotes":""},"categories":[153],"tags":[197],"post_series":[],"class_list":["post-4745","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-professional-liability","tag-news","authorormentioned-wilhelm-dingler","entry","has-media"],"_links":{"self":[{"href":"https:\/\/studioactiv8.com\/bullivant\/wp-json\/wp\/v2\/posts\/4745","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/studioactiv8.com\/bullivant\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/studioactiv8.com\/bullivant\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/studioactiv8.com\/bullivant\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/studioactiv8.com\/bullivant\/wp-json\/wp\/v2\/comments?post=4745"}],"version-history":[{"count":0,"href":"https:\/\/studioactiv8.com\/bullivant\/wp-json\/wp\/v2\/posts\/4745\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/studioactiv8.com\/bullivant\/wp-json\/wp\/v2\/media\/829"}],"wp:attachment":[{"href":"https:\/\/studioactiv8.com\/bullivant\/wp-json\/wp\/v2\/media?parent=4745"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/studioactiv8.com\/bullivant\/wp-json\/wp\/v2\/categories?post=4745"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/studioactiv8.com\/bullivant\/wp-json\/wp\/v2\/tags?post=4745"},{"taxonomy":"post_series","embeddable":true,"href":"https:\/\/studioactiv8.com\/bullivant\/wp-json\/wp\/v2\/post_series?post=4745"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}