The AICPA works hard to protect you from cyber attacks. We take your online privacy seriously, and we want to help safeguard you from email scams and suspicious websites, and other malicious online activity. We protect your personal information on AICPA systems by utilizing multi-layered security hardware and software, as well as cyber and information security best practices. Here is some basic information and tips for you to enhance your cyber security.
An email falsely claiming to be from a legitimate, reputable organization, such as the AICPA or any other AICPA entity, including CPA.com, CPA2Biz.com, CGMA.org, etc., is commonly known as “phishing." It got this name because the person, or criminal entity, sending you the email is usually "fishing" for personal or financial information. The email may look legitimate, but in attempting to replicate an email from the AICPA, you will commonly find misspellings, typos, suspicious email addresses for the sender, or design flaws.
Phishing emails will commonly ask for your personal or financial information, direct you to a fraudulent (“spoofed”) website that requests information, or include fraudulent phone numbers. Clicking on the link to the spoofed website often downloads a virus that grabs your personally identifiable information.
If you suspect that you have received a phishing email, delete the email without replying or clicking on any links or attachments. If you are unsure whether an email is legitimate, contact the sender through other means (telephone, texting) to verify the validity of the email. We encourage you to alert us of suspicious email activity and/or “spoofing” websites so we can take the appropriate measures to help protect you and other AICPA members from future attacks. After following these steps, delete the email.
If you have received an email that appears to be a phishing scam and immediately deleted it, your information and computer is likely to be safe. However, we recommend you run updated virus protection as a precaution.
How can I tell if this email is from the AICPA?
Always refer you to our secure websites (aicpa.org, cgma.org, cpa2biz.com, cpa.com, etc.) to collect personal information.
Never ask you to reply with a password or a social security number.
Never ask you to verify account or order information through a link in the email. Account and order information is only accessible through our secure websites.
Never contain unsolicited attachments.
Always are reviewed and proofread, reducing the amount of errors and typos.
Never use an IP address (string of numbers) in the header or body of our email communications, e.g. http://123.456.789.123/aicpa
Beware of phishing and fraudulent emails, which:
Ask you for personal information, including your AICPA username and password, Social Security number, Tax ID number, financial records, bank account numbers, debit or credit card numbers or security codes, etc.
Ask you to verify account information through a link in the email or by calling a phone number.
May ask you to copy and paste website URLs into your browser.
Contain attachments including images, files and documents.
Include broken links.
Misspell your personal information, such as your name.
Help protect yourself
Regularly update antivirus, firewall, intrusion detection and intrusion protection solutions.
Install the latest releases and patches for your operating systems and critical programs, especially on systems that host public services and are accessible through your firewall.
Update your web browsers. Many of the newer versions of web browsers, such as Internet Explorer, Firefox, and Chrome have advanced security features.
Configure mail servers to block or remove email that contains attachments that are commonly used to spread viruses.
Train employees to not open attachments unless they are expected and come from a trusted source, and to not execute software that is downloaded from the Internet unless it has been scanned for viruses.
Do not provide personal information such as user IDs, account numbers or passwords in response to an email, even if the email looks legitimate.
Do not respond to text messages or voicemails that ask you to call a number and enter personal information such as account numbers.
Regularly update your email and online passwords.
Consider the possibility of restricting Internet use by employees, specifically shopping, as they are opportunities to compromise the network.
Have emergency response procedures in place, including back-up and restore capabilities in order to restore lost or compromised data.