Drake Pay – Phishing vs. Legitimate Emails

Article #: 15340

Last Updated: December 05, 2024

 


Tags: Drake TaxDrake AccountingWeb1040RightworksGruntWorxDrake SchedulerDrake PortalsDrake PayDrake DocumentsDrake ZeroSecureFileProRight WorksGrunt WorxDrakeZeroDDMDAS

Drake Pay logo

Phishing is a fraudulent tactic where scammers attempt to steal sensitive information, such as usernames, passwords, bank, and credit and debit card information, often through deceptive emails.

Tax return preparers and their clients are prime targets for phishing attacks. Scammers may send emails disguised as legitimate invoices to trick clients into making payments. It is crucial to be vigilant and educate clients about these scams.

You should never click on an email or any links in an email that you are not expecting. Always verify the source and legitimacy of an email before opening it or clicking on any links. Phishing schemes may appear to be sent from a Drake Software email address or non-Drake address and typically ask that the recipient reply with personal details or click on links.

Important  Drake Software will never request that you provide personal information through email. Delete the email immediately and do not click any links or reply.

Example Scam*

Fraudsters can create fake invoice emails that appear to come from reputable tax return preparers. If unsuspecting clients fall for the deception, they risk sending sensitive personal information and money directly to the scammer.

*Although no such scam has been reported, it is essential to be aware of this potential threat.

Common Phishing Signs

Some common signs indicating that an email is not legitimate are as follows:

  • The blue hyperlink displays a non-Drake website when you hover over it. (Do NOT click it!)

  • The email contains grammar and spelling errors.

  • The email is from a fake email address that is only slightly altered from a legitimate email address.

  • The email demands immediate action or threatens consequences for not taking action.

Note  For additional ways to protect yourself, see Protecting You and Your Clients from Phishing Emails. Drake Software also recommends sharing the document Phishing Guidance for Taxpayers with your clients to help keep both them and your practice safe.

Drake Pay Users – What Legitimate Payment Requests Look Like

If requesting payment for your services through Drake Pay, you should let your client know when you are planning to send the invoice so that they can expect an email from you. For more information on sending payment requests, see Drake Pay – Sending Payment Requests .

Legitimate Drake Pay Emails

  • Come from no-reply@DrakeSoftware.com

  • Address the recipient by name (not “Dear Client”)

  • Contain the name of the tax return preparer or tax firm

  • Contain a payment link that begins with https://drakepay.drakesoftware.com/manager/#/pay-now/. The text following “pay-now” is unique for each payment request.

An example Request Payment email

Legitimate Drake Pay Webpages

  • Begin with https://drakepay.drakesoftware.com/manager/#/pay-now/. The text following “pay-now” is unique for each payment request.

  • Contain the Drake Pay icon in the top-left

  • Display the taxpayer’s name in the top-right. If no name was entered when sending the request, the client’s email address is displayed instead.

  • Show the firm’s name above the Amount

  • Display the Drake Pay logo in the bottom-left

The Drake Pay payment page

Actions to Take

If you or your client receive a suspicious email, do not click on any links in the email, and immediately contact Drake Software at (866) 369-9308 to report the phishing email. If you suspect you may have fallen victim to a phishing scheme, or if you clicked on any links in the phishing email, contact Drake Software at (866) 369-9308 to secure your account.

For details on how to properly forward a suspected phishing email to Drake Software for investigation, see Reporting Phishing Emails.