Beware of common scamming attempts

ALERT: Be aware of common scamming attempts - including contacts from the "IRS"

May 5, 2015

We recommend you educate employees on how to help protect the organization and themselves from scams. These 5 simple steps are a good start.

Attempted fraud and scams of organizations continue to rise. Protecting yourself and your organization from fraudsters can save you thousands or even millions of dollars. Scammers’ tactics have become increasingly sophisticated, including manipulation of email, websites and caller IDs to appear legitimate.

We recommend you educate employees on how to help protect the organization and themselves from scams. These 5 simple steps are a good start.

Go with your gut.

If an email, phone message, or online interaction doesn’t seem quite right, there is a good chance it isn’t. Investigate before going any further. Signs of scams may include:

  • Requests for financial information (such as bank account information)
  • A lack of personalization (e.g., the scammer does not give a company name or know your name/account information)
  • Mention of a transaction or other activity you do not recall
  • Time pressure to respond

Any of these signs or a bad feeling about the contact is a good reason to double-check the message’s credibility, in ways such as contacting the organization directly to verify whether it tried to reach you.

Exercise extreme caution when divulging sensitive information.

Reputable businesses won’t ask for financial information by email or request that you call an unfamiliar phone number to update your account information. Ensure that your online transactions are always made through legitimate, secure Internet connections. Never enter sensitive information into pop-up windows.

Also, as mentioned in a previous tax alert, remember that the IRS does not ask for debit/credit card information over the phone, nor does it force consumers to pay monies owed by a specific payment type. If you owe taxes, the IRS will mail you directly.

Don’t click.

If a suspicious email or social media message contains a hyperlink or attachment, DO NOT click on or open it. It may sound like common-sense advice, but some of the most damaging cyberattacks have started with an unsuspecting employee clicking on a bad hyperlink in an email. It’s better to remain cautious and forward the email to your IT professional.

Be in-the-know.

Pay attention to notices about scamming attempts or data breaches in the news or from other community businesspeople. Along the same lines, let others know when you have encountered a scamming attempt so that they, too, may remain aware.

Protect your computer.

Make sure that your computers and servers have the appropriate firewalls, anti-virus software, anti-spyware, and spam-filters to reduce your risk.

Learn how to protect your organization

For more information about fraudulent “IRS” scam attempts or how to protect your computer systems, contact these AGH professionals:

Shawn Sullivan

Executive Vice President
Tax Services

Shawn leads the firm’s tax group and serves on AGH’s board of directors. In addition to enhancing business performance to minimize tax consequences, he has extensive experience in mergers and acquisitions, international tax and business structuring. Shawn has public and private experience in the fields of tax and accounting and works frequently with clients in the manufacturing, automotive, wholesale distribution, real estate development and construction industries.

A certified public accountant, Shawn is a member of the American Institute of Certified Public Accountants, the Kansas Society of Certified Public Accountants (KSCPA) and chairs the KSCPA Committee on Taxation.

Brian Johnson

Senior Vice President
Technology Services

Brian joined AGH in 1992. He leads the firm’s technology services practice where he helps clients achieve measurable performance improvements through the delivery of specialized, competency-based information systems management, assurance, and advisory services. He has extensive experience in information security, network engineering, and solution development, with recognized specializations in governance, risk, control, and related consulting services.

Brian is a member of ISACA (previously known as the Information Systems Audit and Control Association), the Kansas Society of Certified Public Accountants (KSCPA), the American Institute of Certified Public Accountants (AICPA), the AICPA’s Information Management and Technology Assurance (IMTA) Section, and the Association for Supply Chain Management (ASCM). He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), Certified Data Privacy Solutions Engineer (CDPSE), and Certified in Production and Inventory Management (CPIM).

Brian is also a Certified Public Accountant (CPA) and a graduate of Wichita State University, where he earned Master of Accountancy and Bachelor of Business Administration degrees.

NOTE: Any advice contained in this material is not intended or written to be tax advice, and cannot be relied upon as such, nor can it be used for the purpose of avoiding tax penalties that may be imposed by the IRS or states, or promoting, marketing or recommending to another party any transaction or matter addressed herein.