By now most of us are familiar with Phishing. Cyber Criminals will send you an email telling you your PayPal or online banking account has been compromised and you need to change your password. The email includes a link to an official looking website where you are encouraged to change your password by entering your username, your old password, and the new password you want to use.

But it’s all a scam. The web page is a fraud and as soon as you enter your username and “old” password the criminals have it. Even as the web page you are on is thanking you for your help and apologizing for the inconvenience someone in China is buying plane tickets with your cash.

This scam is called “phishing” and it has been used to dupe innocent people out of hundreds of millions of dollars.

A new scam is afoot, and these criminals are now targeting AICPA members.
They are sending out official looking “complaints” in an attempt to spread a virus unto your office network. It’s unclear at this time what this virus does, but since it’s targeting tax and financial professionals it’s likely trolling your network for numbers that can used by identity thieves. Tax forms are easily flagged and contain names paired with social security numbers, occupations, incomes… literally everything an identity thief needs to know. The danger posed by a targeted attack on an accounting professional cannot be overstated.

The fraudulent emails are being sent out addressed to “Valued accountant officer”.
Don’t waste your time trying to figure out who sent it. To a casual observer it will look like it came from AICPA, but most likely it was sent by an infected machine. On closer examination the from field will be obfuscated. You won’t be able to track down the culprit by doing a forensic examination of the email.

The text in the email has been surprisingly consistent. It reads, “We have received a complaint about your recent involvement in income tax refund fraud on behalf of one of your employers. According to AICPA Bylaw Section 765 your Certified Public Accountant status can be canceled in case of the occurrence of filing of a false or fraudulent income tax return on the member’s or a client’s behalf. Please find the complaint below below and respond to it within 14 days. The failure to respond within this period will result in suspension of your CPA license.”

There is a link in the email mapped to a document called “Complaint.doc”. DO NOT OPEN THIS LINK.
Nobody is really sure what this is, but it’s certainly not a document. Most likely it contains a virus, but authorities have yet to identify exactly what it does.

The AICPA has instructed the public to leave these emails unopened.
In an official statement the AICPA has responded, “If you receive the email, delete it immediately. We have notified law enforcement of the incident and continue to monitor the situation.”

If you have already opened this file you are very likely infected with some kind of virus. Drop what you’re doing, manually update your anti-virus program and run it immediately. The AICPA is actually recommending that you take these steps even if you did not open the complaint link. If you’re not sure what program to run popular anti-virus programs include Norton, McAfee, AVG, Kapersky, Symantec, and Comodo. Don’t forget to manually update the application before you run it. Many modern viruses disable the auto-update functions of anti-virus applications.

AICPA has set up a hotline to call for help if you believe you have been infected or if you want up-to-date information. Call (888) 777-7077 and select option 1. You will be connected to an AICPA representative that will be fully briefed on the matter.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.