When Financial Professionals’ Strengths Are Used Against Them
By Eric E. Cohen
Two things happened to me today, and I found an odd connection between two otherwise unconnected activities.
First, my wife had problems with the garage door opener late last night. The door would not go down unless she sought to override the mechanism that reverses it for an obstruction. “See if you can fix it – but tomorrow when the light is better and it’s not as cold.” In the light of the day, it was obvious – a piece of cardboard had escaped the recycling bin, just big enough to obscure the sensor used to reverse the door if there is an obstruction. The troublesome door was working exactly as it should.
Second, I received an email. I probably get a similar email a couple of times a month. Here’s what it looks like (name/email somewhat obscured and grammar cleaned up a bit).
From: Andrew R Helix (gxnolan@britco.co.uk)
Good morning, Eric:
I’m ready to file my individual, S Corp and Sch C return. So, I went online in search of a CPA in the area, and I found you. It was nice reading about your tax service online today. My wife and I would like to know if you can file our tax return for 2021. My former CPA retired, and he is out of service. After checking you out online, I'm certain that you will provide incredible value to our tax and accounting needs. I would like to know if you can accept us as your new client, but we would like to have an idea of how much it will cost for the service ahead of time. I am a business owner, so I do have Sch C, W-2 and other 1099-R forms. I have got some estimated payments, which I already paid. I’ll also need your service for my business return. I understand if your client capacity is full now.
I can send you a copy of last year’s tax refund and this year's forms to go over it and let us know your price, and then we decide if you can file for my extension. I will wait till then to complete it, but beforehand I need to know the pricing.
H. Andrew
This was cleaned up for spelling and grammar, although I’ve left an inconsistency or two but, whoever crafted this, was knowledgeable about US taxation, had a nice hook with the business return, and more. The biggest give away to me is that in almost every case when I’ve received an email like it, the email address did not match the given name and reflected a UK institution. And I have no web site saying I have a tax practice.
What does this have to do with things that go wrong when they should work as they ought to?
- Financial professionals look for opportunities (their CPA just retired!).
- We tend to be curious and analytical (send those documents over; I bet we can find something to benefit the client).
- We tend to be helpful (they are in need … and said they liked our online presence!).
So, what’s going on?
- Our computers have access to financial information.
- A cry for help is seldom perceived as a cyberthreat.
- Loading prior year document is a big enticement to introduce threats onto our systems, whether initially, or at a later time.
Financial professionals have a professional responsibility for confidentiality and a legal responsibility to preserve the privacy of our clients and organization. But we are predictable and sometimes not set for cryptosecurity threats. Leaving USB (flash) drives lying around an office with malware on them, phishing attempts, taking advantage of poorly trained or extremely stressed staff people willing to cut corners … most are pretty common to most white-collar environments. But reaching out as a potential client with upward potential – that’s pretty low. That’s failure by things that should be working like they ought to; we are the masters of risk, but we need to keep working on getting cyber literacy embedded into our own actions.
Comments
- No comments found
Leave a comment