Protecting You and Your Clients from Phishing Emails
Article #: 18584
Last Updated: November 04, 2024
Phishing is a fraudulent tactic where scammers attempt to steal sensitive information, such as usernames, passwords, bank, and credit and debit card information, often through deceptive emails. This article highlights steps tax return preparers can take to educate and protect both themselves and their clients from phishing threats.
Note It is equally important that both tax return preparers and taxpayers know how to identify and protect themselves against scams and phishing attempts. Drake Software recommends sharing the document Phishing Guidance for Taxpayers with your clients to help keep both them and your practice safe.
Educate Clients
-
Maintain open and frequent communication with clients throughout tax season.
-
Educate clients about the common tactics used in phishing emails, such as urgent requests, suspicious links, and requests for personal information.
-
Encourage clients to verify the sender's email address before clicking any links or opening attachments.
-
Remind clients to use strong, unique passwords for their tax accounts and other online services.
-
Encourage clients to enable two-factor authentication whenever possible for added security.
Note If you use Drake Pay to send payment requests to clients, see Drake Pay – Phishing vs. Legitimate Emails for details on what legitimate Drake Pay emails look like.
Practice Safe Email Habits
-
Warn clients against clicking on links in unsolicited emails, even if they appear to come from a known sender.
-
Be cautious of emails demanding immediate action or threatening consequences.
-
If a client receives an unexpected email requesting sensitive information, advise them to contact the sender directly using a verified phone number or email address.
-
Implement robust email filters to block suspicious emails and spam.
-
Ensure that all software and antivirus programs are up to date to protect against phishing attacks.
Secure Communications
-
Use secure communication channels, such as a secure portal, to share sensitive information with clients. Drake Portals is a great way to do so.
-
Refrain from sharing sensitive client information via email or other unsecured methods.
-
Conduct regular security audits of your office network and systems to identify and address vulnerabilities.
Report Suspicious Emails Immediately
If you or your client receive a suspicious email, do not click on any links in the email, and immediately contact Drake Software at (866) 369-9308 to report the phishing email. If you suspect you may have fallen victim to a phishing scheme, or if you clicked on any links in the phishing email, contact Drake Software at (866) 369-9308 to secure your account.
For details on how to properly forward a suspected phishing email to Drake Software for investigation, see Reporting Phishing Emails.