David Anderson is principal of David Anderson & Associates, a Philadelphia forensic accounting firm that provides a full range of fraud investigation, forensic accounting and marital dissolution services in Philadelphia and the Delaware Valley.
The e-mails started coming in January. They seemed innocent enough – several people, who apparently had obtained my e-mail address from publicly available websites of tax preparers, were looking for a new tax accountant. Each of the e-mails explained why they were seeking a new tax accountant, such as:
- They had moved and their previous accountant could no longer service them; or
- They (or their spouse) had previously prepared their own tax returns, but now their situation was too complex for them to handle this; or
- Their previous accountant had either died or proven incompetent.
In each case, they had either enclosed an attachment or a link (apparently to a Google Drive, a Dropbox account, a SecureFilePro account or other similar account) containing their previous year’s tax returns and other relevant information, and asked me to review these items and provide them with a quotation for my services.
The e-mails continued to come, averaging about one a day. By late March, the e-mail messages became more desperate – typically that they knew it was late in the tax season, but they had just gotten the necessary documents together, and they really hoped that I would take them on as a new client. Some even offered to pay a premium due to the lateness. Additionally, I began to receive e-mails in late March/early April, apparently from existing clients, who apologized for not getting their completed Tax Planner and other requested documents to me earlier and hoping that I could still complete their returns prior to April 15 with the attached items.
In all, I received over 75 such e-mails this tax season. You would think that I would be delighted to have obtained 75 new clients. But there was only one problem – none of them were real, and all of them were phishing attacks designed to get me to click on an attachment or link from an unknown person and likely download malware onto my system.
As a forensic accountant, I have learned to be skeptical of e-mails and texts from unknown individuals (or individuals who claim to be known to me but are not in any of my address books). In each case, further investigation confirmed my suspicions. For example:
- Several e-mails came from a person – let’s say John Smith – but the e-mail address was for Mary Jones or some person other than John Smith;
- Several e-mails came from people who needed taxes prepared for their business. But in each case, the business e-mail address turned out to be a business located on the other side of the U.S. or in Canada – highly unusual;
- A number of e-mails had return e-mail addresses with foreign extensions, such as .rs (Serbia), .id (Indonesia), .jp (Japan), .ru (Russia) and .fr (France);
- None of the e-mails addressed me specifically, instead they were all generic;
- None of the e-mails were follow-ups of previous e-mails;
- One day, two e-mails came in within 5 minutes of each other – from two entirely different people but with the exact same language in the e-mail, down to the same misspelled word;
- The links were suspicious – in some cases, if I “moused” over the link, it revealed a different address from the link. In others, the link was misspelled – such as SecureitFilePro.com instead of SecureFilePro.com.
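Several of the warning signs in the list above can be checked mechanically before anyone opens a message. The following Python sketch is an added example, not part of the original article: the allow-list of trusted services, the 0.85 similarity threshold and all function names are assumptions, and the sample message is constructed.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"securefilepro.com", "dropbox.com", "drive.google.com"}  # assumed allow-list
FLAGGED_TLDS = {"rs", "id", "jp", "ru", "fr"}  # extensions named in the article
LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(url):
    """Lower-cased host name of a URL or bare domain, without 'www.'."""
    host = (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def lookalike(host):
    """Return the trusted domain that `host` closely imitates, or None."""
    for good in TRUSTED:
        known = host == good or host.endswith("." + good)
        if not known and SequenceMatcher(None, host, good).ratio() >= 0.85:
            return good

def check_message(from_header, html_body):
    """List the article's warning signs found in one message."""
    findings = []
    name, addr = parseaddr(from_header)
    local, _, domain = addr.lower().partition("@")
    parts = [p for p in re.split(r"\W+", name.lower()) if len(p) > 2]
    if parts and not any(p in local for p in parts):
        findings.append("sender name does not match address")
    if domain.rsplit(".", 1)[-1] in FLAGGED_TLDS:
        findings.append("foreign extension")
    for href, text in LINK_RE.findall(html_body):
        target, text = host_of(href), text.strip()
        shown = host_of(text) if re.fullmatch(r"\S+\.\S+", text) else ""
        if shown and shown != target:
            findings.append(f"link shows {shown} but opens {target}")
        if lookalike(target):
            findings.append(f"{target} imitates {lookalike(target)}")
    return findings

def duplicate_bodies(messages):
    """Group senders whose body text is identical after whitespace/case folding."""
    seen = {}
    for sender, body in messages:
        seen.setdefault(" ".join(body.lower().split()), set()).add(parseaddr(sender)[1])
    return [sorted(senders) for senders in seen.values() if len(senders) > 1]

SAMPLE_FROM = '"John Smith" <mary.jones@example.rs>'  # constructed sample
SAMPLE_BODY = '<a href="https://secureitfilepro.com/returns">SecureFilePro.com</a>'
```

A hit from `check_message` or `duplicate_bodies` is a reason to verify the sender through a separate channel, not proof of fraud; a legitimate client may well write from a shared or foreign address.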
The fact that they are going after accountants points to how sophisticated phishing attacks are becoming. Of course, I still receive such attacks on my phone or personal email account (from a bank about an account problem or from Amazon about a package being held up or from some company confirming that they have charged my credit card for $849.52), but my experience points to how a business can also be the target of a phishing attack.
What is your business doing to protect itself from phishing and other attacks on your data? Do you have policies and procedures in place to have employees be on alert for suspicious emails and to definitely NOT click on attachments or links that have not been verified? Are they also on alert for e-mails which appear to come from a company senior executive requesting wiring of funds or providing confidential information? If not, you should consider having a forensic accountant come into your business to help you protect your data from the “Phisher-Men.”
If you require a forensic accounting expert in Philadelphia and the Delaware Valley, please contact the Philadelphia forensic accounting firm of David Anderson & Associates by calling David Anderson at 267-207-3597 or emailing him at david@davidandersonassociates.com.
About David Anderson & Associates
David Anderson & Associates is a Philadelphia forensic accounting firm that provides a full range of forensic accounting services in Philadelphia and the Delaware Valley. The experienced professionals at David Anderson & Associates provide forensic accounting, business valuation, fraud investigation, fraud deterrence, litigation support, economic damage analysis, business consulting and outsourced CFO services. Company principal David Anderson is a forensic accounting expert in Philadelphia with more than 30 years of experience in financial and operational leadership positions. He is a Certified Public Accountant, a Certified Fraud Examiner, and a Certified Valuation Analyst.