{"id":5700,"date":"2026-03-04T01:28:10","date_gmt":"2026-03-04T06:28:10","guid":{"rendered":"https:\/\/verito.com\/blog\/?p=5700"},"modified":"2026-03-05T01:33:03","modified_gmt":"2026-03-05T06:33:03","slug":"tax-season-scams","status":"publish","type":"post","link":"https:\/\/verito.com\/blog\/tax-season-scams\/","title":{"rendered":"Tax Season Scams Every QuickBooks User Should Know (Based on IRS Guidance)"},"content":{"rendered":"\n<p>Every busy season, your firm juggles client deadlines, QuickBooks files, e-filing cutoffs, and last-minute document chases.<\/p>\n\n\n\n<p>That same pressure is exactly what scammers count on. The IRS warns that many schemes peak during filing season as taxpayers and tax professionals rush to prepare and file returns.<\/p>\n\n\n\n<p>At the same time, the <a href=\"https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2025\/03\/new-ftc-data-show-big-jump-reported-losses-fraud-125-billion-2024?utm_source=chatgpt.com\" target=\"_blank\" rel=\"nofollow\" ><strong>Federal Trade Commission<\/strong><\/a> (FTC) reports that consumers lost more than <strong>12.5 billion dollars<\/strong> to fraud in 2024 alone, a <strong>25% jump<\/strong> from the prior year, with imposter scams among the top categories.<\/p>\n\n\n\n<p>If your firm lives in QuickBooks Desktop, those numbers are not abstract. You work with live bank feeds, payroll data, and full tax histories inside a system that criminals know how to target through phishing emails, fake Intuit login pages, and support scams.<\/p>\n\n\n\n<p>The IRS explicitly cautions that if you get an email, text, letter, or call that claims to be from the IRS, it might be a scam or bad tax advice.<\/p>\n\n\n\n<p>For small and mid-sized CPA firms, the damage goes beyond a single stolen refund. A successful scam can lock you out of QuickBooks, compromise dozens of client files at once, or trigger reportable security incidents under IRS and FTC expectations. 
That is why the IRS publishes an <a href=\"https:\/\/www.irs.gov\/newsroom\/dirty-dozen\" target=\"_blank\" rel=\"nofollow\" ><strong>annual Dirty Dozen list<\/strong><\/a> of the most dangerous tax scams, and why this article leans heavily on that guidance while translating it into day-to-day QuickBooks workflows.<\/p>\n\n\n\n<p>This article focuses on how tax season scams actually show up for QuickBooks users, how to tell real IRS contact from fraud, what to do if you have already clicked or paid, and how to structure your QuickBooks environment so a single mistake does not become a firm-wide crisis.<\/p>\n\n\n\n<p>It is written for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CPA and EA firms handling individual and business returns.<\/li>\n\n\n\n<li>Bookkeeping and CAS practices running QuickBooks Desktop in multi-user mode.<\/li>\n\n\n\n<li>Small businesses that rely on QuickBooks and occasionally file their own returns.<\/li>\n<\/ul>\n\n\n\n<p class=\"has-gray-200-background-color has-background has-small-font-size\">This article is informational only and does not replace legal, tax, or law enforcement advice. 
Always follow official IRS instructions and your legal counsel when responding to suspected fraud.<\/p>\n\n\n\n<div class=\"cnvs-block-toc cnvs-block-toc-1772690736053\" >\n\t<\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-in-one-minute-what-you-will-get-from-this-guide\"><span id=\"in-one-minute-what-you-will-get-from-this-guide\"><strong>In One Minute: What You Will Get From This Guide<\/strong><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A simple rule set for how the IRS really contacts you and what it will never ask you to do, so your staff can reject fake calls, emails, and texts in seconds.<\/li>\n\n\n\n<li>Concrete examples of the most common tax season scams that target QuickBooks users, including IRS impersonation calls, phishing, fake QuickBooks login pages, and bogus support popups.<\/li>\n\n\n\n<li>Clear checklists for what to do if someone in your firm clicked a link, opened a malicious attachment, shared sensitive information, or sent money.<\/li>\n\n\n\n<li>Practical changes you can make to how your firm uses QuickBooks Desktop and related tools so that one compromised inbox or workstation does not expose every client.<\/li>\n\n\n\n<li>A set of FAQs you can adapt into internal guidance or client education, based directly on the latest IRS scam alerts and security expectations.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-key-definitions-for-this-guide\"><span id=\"key-definitions-for-this-guide\"><strong>Key Definitions for This Guide<\/strong><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\" id=\"h-1-irs-impersonation-scam\"><span id=\"1-irs-impersonation-scam\"><strong>1. 
IRS Impersonation Scam<\/strong><\/span><\/h3>\n\n\n\n<p>A fraud where criminals pretend to be IRS employees, private collection agencies, or authorized partners to pressure you into paying, sharing sensitive information, or clicking links.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\" id=\"h-2-phishing\"><span id=\"2-phishing\"><strong>2. Phishing<\/strong><\/span><\/h3>\n\n\n\n<p>Fraudulent emails, texts, or messages that try to trick you into revealing passwords, MFA codes, bank information, or opening infected attachments. In this context, that often includes fake IRS notices or QuickBooks \/ Intuit messages.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\" id=\"h-3-tax-identity-theft\"><span id=\"3-tax-identity-theft\"><strong>3. Tax Identity Theft<\/strong><\/span><\/h3>\n\n\n\n<p>When someone uses a stolen SSN (Social Security Number), ITIN (Individual Taxpayer Identification Number), or EIN (Employer Identification Number) to file a tax return or claim a refund before the legitimate taxpayer files, often using data stolen from tax professionals or payroll systems.<\/p>\n\n\n\n<p>If these basics are clear, the rest of the article will show how each scam type intersects with your QuickBooks environment and what controls give your firm the most predictable protection during tax season.<\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-the-irs-actually-contacts-you-and-what-it-will-never-ask\"><span id=\"how-the-irs-actually-contacts-you-and-what-it-will-never-ask\"><strong>How the IRS Actually Contacts You (and What It Will Never Ask)<\/strong><strong><\/strong><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"http:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-the-IRS-Actually-Contacts-You-and-What-It-Will-Never-Ask-1024x683.jpg\" 
alt=\"How the IRS Actually Contacts You (and What It Will Never Ask)\" class=\"wp-image-5705\" srcset=\"https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-the-IRS-Actually-Contacts-You-and-What-It-Will-Never-Ask-1024x683.jpg 1024w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-the-IRS-Actually-Contacts-You-and-What-It-Will-Never-Ask-300x200.jpg 300w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-the-IRS-Actually-Contacts-You-and-What-It-Will-Never-Ask-768x512.jpg 768w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-the-IRS-Actually-Contacts-You-and-What-It-Will-Never-Ask-380x253.jpg 380w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-the-IRS-Actually-Contacts-You-and-What-It-Will-Never-Ask-800x533.jpg 800w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-the-IRS-Actually-Contacts-You-and-What-It-Will-Never-Ask-1160x773.jpg 1160w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-the-IRS-Actually-Contacts-You-and-What-It-Will-Never-Ask-150x100.jpg 150w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-the-IRS-Actually-Contacts-You-and-What-It-Will-Never-Ask.jpg 1500w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Before you can spot a fake IRS message, your team needs a clear picture of how legitimate IRS contact works.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.irs.gov\/newsroom\/tax-scams-consumer-alerts\" target=\"_blank\" rel=\"nofollow\" >The IRS is explicit that it usually starts with a letter<\/a> and that unexpected calls, texts, and emails asking for money or sensitive data should be treated with caution.<\/p>\n\n\n\n<p>For busy <a href=\"https:\/\/verito.com\/hosting\/quickbooks\" target=\"_blank\" rel=\"dofollow\" ><strong>QuickBooks<\/strong><\/a> firms, that means every suspicious notice, call, or email should be routed through a simple, shared rule set rather than handled ad-hoc by whoever picks it 
up.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-how-the-irs-initiates-contact\"><span id=\"how-the-irs-initiates-contact\"><strong>How The IRS Initiates Contact<\/strong><\/span><\/h3>\n\n\n\n<p>In most situations, the IRS follows a predictable pattern:<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-1-first-contact-is-by-mail\"><span id=\"1-first-contact-is-by-mail\"><strong>1. First contact is by mail<\/strong><\/span><\/h4>\n\n\n\n<p>The IRS typically sends an official letter or notice by the U.S. Postal Service before calling or emailing.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-2-phone-calls-come-after-written-notices\"><span id=\"2-phone-calls-come-after-written-notices\"><strong>2. Phone calls come after written notices<\/strong><\/span><\/h4>\n\n\n\n<p>Revenue officers or agents may call about an existing matter, such as an unpaid balance, audit, or collection case, and will already have sent letters about it.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-3-in-person-visits-are-specific-and-rare\"><span id=\"3-in-person-visits-are-specific-and-rare\"><strong>3. In-person visits are specific and rare<\/strong><\/span><\/h4>\n\n\n\n<p>Personal visits are usually related to audits, collection actions, or criminal investigations and are carried out by identifiable IRS personnel who can provide credentials.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-4-email-and-text-are-limited-and-controlled\"><span id=\"4-email-and-text-are-limited-and-controlled\"><strong>4. Email and text are limited and controlled<\/strong><\/span><\/h4>\n\n\n\n<p><a href=\"https:\/\/www.irs.gov\/newsroom\/irs-text-messages\" target=\"_blank\" rel=\"nofollow\" >The IRS does not send unexpected texts<\/a> and does not generally initiate contact by email to request personal or financial information. 
Text messages are used only with the taxpayer\u2019s permission when they have subscribed to alerts.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-5-payment-goes-through-official-channels-only\"><span id=\"5-payment-goes-through-official-channels-only\"><strong>5. Payment goes through official channels only<\/strong><\/span><\/h4>\n\n\n\n<p>When there is a legitimate balance due, the IRS directs taxpayers to pay electronically at the official <a href=\"https:\/\/www.irs.gov\/\" target=\"_blank\" rel=\"nofollow\" ><strong>IRS website<\/strong><\/a>, by <em>\u201ccheck payable\u201d<\/em> to the United States Treasury, or through authorized channels listed on irs.gov, never through gift cards, crypto, or peer-to-peer apps.<\/p>\n\n\n\n<p>From a firm workflow standpoint, any team member who receives a <em>\u201cnew\u201d<\/em> IRS contact should be trained to ask two questions before reacting:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Did the client or firm already receive a letter about this same issue, with the same case details and amount?<\/li>\n\n\n\n<li>Can we see and verify that notice inside the IRS Online Account or through official IRS contact channels?<\/li>\n<\/ol>\n\n\n\n<p>If the answer to either question is <em>\u201cNo,\u201d<\/em> treat it as suspicious until proven otherwise.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-what-the-irs-will-never-ask-you-to-do\"><span id=\"what-the-irs-will-never-ask-you-to-do\"><strong>What The IRS Will Never Ask You To Do<\/strong><\/span><\/h3>\n\n\n\n<p><a href=\"https:\/\/verito.com\/blog\/deepfake-scam-prevention-checklist-accounting-tax-firms\/\" target=\"_blank\" rel=\"dofollow\" ><strong>Scammers<\/strong><\/a> often follow the same playbook. 
The IRS has been clear that it does not do several things that are common in fraud scenarios.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Scenario<\/strong><\/th><th><strong>Real IRS contact<\/strong><\/th><th><strong>Likely scam red flag<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>Initial outreach<\/strong><\/td><td>Starts with a mailed letter or notice<\/td><td>Random text, email, social media DM, or phone call out of the blue<\/td><\/tr><tr><td><strong>Payment method<\/strong><\/td><td>Official IRS payment site, check to U.S. Treasury, or authorized channels<\/td><td>Demands for gift cards, prepaid cards, wire to a personal account, or crypto-currency<\/td><\/tr><tr><td><strong>Tone and pressure<\/strong><\/td><td>Professional, allows time to review, appeal, or consult your tax professional<\/td><td>Threats of arrest, deportation, license revocation, or <em>\u201cofficer on the way\u201d<\/em> if you hang up<\/td><\/tr><tr><td><strong>Verification<\/strong><\/td><td>Will allow you to call an official IRS number to confirm identity<\/td><td>Refuses verification, insists you stay on the line and pay immediately<\/td><\/tr><tr><td><strong>Sensitive data<\/strong><\/td><td>Already has your SSN, EIN, and return details on file<\/td><td>Asks you to <em>\u201cverify\u201d<\/em> full SSN, bank account, or login credentials over phone, text, or email<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>In practical terms, <strong>the IRS<\/strong> <strong>does<\/strong> <strong>not<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Initiate contact by text or social media to demand payment or personal information.<\/li>\n\n\n\n<li>Ask you to provide full SSNs, EINs, or banking information in response to a link you did not request.<\/li>\n\n\n\n<li>Demand payment using gift cards, prepaid debit cards, wire transfers to personal accounts, or cryptocurrency.<\/li>\n\n\n\n<li>Threaten to bring in law 
enforcement at your door within hours if you do not pay on that call.<\/li>\n<\/ul>\n\n\n\n<p>If your staff hears <a href=\"https:\/\/verito.com\/blog\/top-7-cybersecurity-threats\/\" target=\"_blank\" rel=\"dofollow\" ><strong>urgent threats<\/strong><\/a>, secrecy, or any insistence that <em>\u201cyou cannot hang up or call back,\u201d<\/em> they should assume it is a scam until they have independently verified the situation through official IRS channels.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-green-flags-vs-red-flags-your-staff-can-memorize\"><span id=\"green-flags-vs-red-flags-your-staff-can-memorize\"><strong>Green Flags vs. Red Flags Your Staff Can Memorize<\/strong><\/span><\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"http:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/Green-Flags-vs.-Red-Flags-Your-Staff-Can-Memorize-1024x683.jpg\" alt=\"Green Flags vs. Red Flags Your Staff Can Memorize\" class=\"wp-image-5706\" srcset=\"https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/Green-Flags-vs.-Red-Flags-Your-Staff-Can-Memorize-1024x683.jpg 1024w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/Green-Flags-vs.-Red-Flags-Your-Staff-Can-Memorize-300x200.jpg 300w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/Green-Flags-vs.-Red-Flags-Your-Staff-Can-Memorize-768x512.jpg 768w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/Green-Flags-vs.-Red-Flags-Your-Staff-Can-Memorize-380x253.jpg 380w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/Green-Flags-vs.-Red-Flags-Your-Staff-Can-Memorize-800x533.jpg 800w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/Green-Flags-vs.-Red-Flags-Your-Staff-Can-Memorize-1160x773.jpg 1160w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/Green-Flags-vs.-Red-Flags-Your-Staff-Can-Memorize-150x100.jpg 150w, 
https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/Green-Flags-vs.-Red-Flags-Your-Staff-Can-Memorize.jpg 1500w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>You do not want every bookkeeper or seasonal staff member making judgment calls alone. A simple <em>\u201cgreen flag or red flag\u201d<\/em> checklist gives them something concrete to follow during tax season.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Type of signal<\/strong><\/th><th><strong>Green flag: usually safe<\/strong><\/th><th><strong>Red flag: treat as scam until proven otherwise<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>Channel<\/strong><\/td><td><strong>Physical letter<\/strong> that you can match to an IRS notice number on irs.gov<\/td><td>First contact by text, email, or social media about a bill or refund<\/td><\/tr><tr><td><strong>Context<\/strong><\/td><td>Notice relates to a return or issue you already know about<\/td><td>Caller or sender describes a problem you have never seen in IRS notices or transcripts<\/td><\/tr><tr><td><strong>Verification<\/strong><\/td><td>Caller is fine with you hanging up and calling back using a published IRS number<\/td><td>Caller insists you cannot hang up and must pay while on the line<\/td><\/tr><tr><td><strong>Payment<\/strong><\/td><td>Directed to pay at <strong>irs.gov<\/strong> or by check to U.S. 
Treasury<\/td><td>Directed to buy gift cards, send crypto, or use personal payment apps<\/td><\/tr><tr><td><strong>Documentation<\/strong><\/td><td>Gives you time to talk to your CPA or authorized representative<\/td><td>Tells you not to tell anyone, including your accountant or firm owner<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>For a QuickBooks-based firm, the operational rule can be simple:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Any <a href=\"https:\/\/verito.com\/blog\/about-internal-revenue-service-irs\/\" target=\"_blank\" rel=\"dofollow\" ><strong>IRS communication<\/strong><\/a> that does not fit the <em>\u201cgreen flag\u201d<\/em> pattern should be forwarded to a designated person or inbox, such as the firm owner, tax controversy lead, or security contact.<\/li>\n\n\n\n<li>No one should open the firm\u2019s QuickBooks Desktop company file, read out bank details, or process any payment while on a call or inside a session that feels even slightly off.<\/li>\n<\/ul>\n\n\n\n<p>Once this baseline is in place, the scam patterns in the next section become much easier to recognize and stop early.<\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-most-common-tax-season-scams-and-how-they-show-up-for-quickbooks-users\"><span id=\"the-most-common-tax-season-scams-and-how-they-show-up-for-quickbooks-users\"><strong>The Most Common Tax Season Scams (and How They Show up for QuickBooks Users)<\/strong><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"580\" src=\"http:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/The-Most-Common-Tax-Season-Scams-and-How-They-Show-up-for-QuickBooks-Users-1024x580.jpg\" alt=\"The Most Common Tax Season Scams (and How They Show up for QuickBooks Users)\" class=\"wp-image-5707\" 
srcset=\"https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/The-Most-Common-Tax-Season-Scams-and-How-They-Show-up-for-QuickBooks-Users-1024x580.jpg 1024w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/The-Most-Common-Tax-Season-Scams-and-How-They-Show-up-for-QuickBooks-Users-300x170.jpg 300w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/The-Most-Common-Tax-Season-Scams-and-How-They-Show-up-for-QuickBooks-Users-768x435.jpg 768w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/The-Most-Common-Tax-Season-Scams-and-How-They-Show-up-for-QuickBooks-Users-380x215.jpg 380w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/The-Most-Common-Tax-Season-Scams-and-How-They-Show-up-for-QuickBooks-Users-800x453.jpg 800w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/The-Most-Common-Tax-Season-Scams-and-How-They-Show-up-for-QuickBooks-Users-1160x657.jpg 1160w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/The-Most-Common-Tax-Season-Scams-and-How-They-Show-up-for-QuickBooks-Users-150x85.jpg 150w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/The-Most-Common-Tax-Season-Scams-and-How-They-Show-up-for-QuickBooks-Users.jpg 1500w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Scams change their branding every year, but the underlying plays do not. For CPA firms and QuickBooks users, almost everything you will see <a href=\"https:\/\/verito.com\/blog\/tax-season-2026-preparation-guide\/\" target=\"_blank\" rel=\"dofollow\" ><strong>during tax season<\/strong><\/a> falls into a small set of patterns. Once your team can recognize those patterns, they can stop a scam in seconds instead of debating it while a caller pressures them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-background\" id=\"h-1-irs-impersonation-phone-calls-pay-now-or-else\" style=\"background-color:#7de198\"><span id=\"1-irs-impersonation-phone-calls-pay-now-or-else\"><strong>1. 
IRS Impersonation Phone Calls: \u201cPay Now or Else\u201d<\/strong><\/span><\/h3>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-it-is\"><span id=\"what-it-is\"><strong>What it is<\/strong><\/span><\/h4>\n\n\n\n<p>Criminals call, pretending to be IRS agents, revenue officers, or members of a <em>\u201ctax resolution\u201d<\/em> unit. They claim you or your client owe back taxes, penalties, or interest and must pay immediately.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-how-it-looks-in-real-life\"><span id=\"how-it-looks-in-real-life\"><strong>How it looks in real life<\/strong><\/span><\/h4>\n\n\n\n<p>A staff member or partner gets a call like:<\/p>\n\n\n\n<p><em>\u201cThis is Officer Miller with the Internal Revenue Service. We have determined that your firm has underpaid payroll taxes for 2022 and 2023. If you do not make an immediate payment while we are on the line, a warrant will be issued, and your bank accounts may be frozen today.\u201d<\/em><\/p>\n\n\n\n<p>They may reference partial personal information pulled from public records or past breaches to sound legitimate. 
Caller ID can be spoofed to show <em>\u201cIRS\u201d<\/em> or a Washington, D.C. number.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-why-it-works-during-tax-season\"><span id=\"why-it-works-during-tax-season\"><strong>Why it works during tax season<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Your team knows that tax debts and penalties are real risks.<\/li>\n\n\n\n<li>No one wants to be the person who ignored the call that turned into an audit or levy.<\/li>\n\n\n\n<li>During peak deadlines, staff are moving fast and may not stop to verify.<\/li>\n<\/ul>\n\n\n\n<p>For small firms, this is especially dangerous when the caller pressures a staff member who has access to online banking or firm credit cards.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-to-do-immediately\"><span id=\"what-to-do-immediately\"><strong>What to do immediately<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Hang up. Do not engage in arguments with the caller.<\/li>\n\n\n\n<li>Look up an official IRS phone number on irs.gov and call back if you genuinely suspect there might be an issue.<\/li>\n\n\n\n<li>Check IRS Online Account, transcripts, or existing correspondence for any related notices.<\/li>\n\n\n\n<li>Document the call details and report the scam as instructed on irs.gov (phone scam reporting).<\/li>\n<\/ul>\n\n\n\n<p><strong>Firm rule of thumb:<\/strong> No one in the firm should ever pay anything to <em>\u201cthe IRS\u201d<\/em> while on an inbound call.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-background\" id=\"h-2-phishing-emails-pretending-to-be-the-irs-or-quickbooks\" style=\"background-color:#7de198\"><span id=\"2-phishing-emails-pretending-to-be-the-irs-or-quickbooks\"><strong>2. 
Phishing Emails Pretending to be the IRS or QuickBooks<\/strong><\/span><\/h3>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-it-is-0\"><span id=\"what-it-is-2\"><strong>What it is<\/strong><\/span><\/h4>\n\n\n\n<p><a href=\"https:\/\/verito.com\/blog\/what-should-you-do-if-you-click-on-a-phishing-link\/\" target=\"_blank\" rel=\"dofollow\" ><strong>Fraudulent emails<\/strong><\/a> that look like IRS notices, e-file alerts, QuickBooks invoices, or account warnings, designed to get you to click a link or open an attachment.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-how-it-looks-in-real-life-0\"><span id=\"how-it-looks-in-real-life-2\"><strong>How it looks in real life<\/strong><\/span><\/h4>\n\n\n\n<p>Common patterns include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Fake QuickBooks subscription or invoice emails that say your account will be suspended unless you <em>\u201cverify payment details\u201d<\/em> using a link.<\/li>\n\n\n\n<li>Emails with subject lines such as <em>\u201cImportant: IRS refund recalculation notice\u201d<\/em> or <em>\u201cImmediate action required: tax return rejected,\u201d<\/em> with links to sign in and resolve the issue.<\/li>\n\n\n\n<li>Attachments labeled as tax documents or QuickBooks backups that are actually malware.<\/li>\n<\/ul>\n\n\n\n<p>Security researchers have documented phishing campaigns that use convincing QuickBooks branding around tax deadlines to steal credentials and financial data, often leading to business email compromise.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-why-it-works-during-tax-season-0\"><span id=\"why-it-works-during-tax-season-2\"><strong>Why it works during tax season<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Your firm expects e-file acknowledgements, IRS notices, and vendor emails to arrive constantly.<\/li>\n\n\n\n<li>Staff are under pressure to clear inboxes, especially shared mailboxes like 
<em>\u201ctax@\u201d<\/em> or <em>\u201cinfo@\u201d<\/em>.<\/li>\n\n\n\n<li>Many firms still rely on email for sharing QuickBooks files and tax returns.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-to-do-immediately-0\"><span id=\"what-to-do-immediately-2\"><strong>What to do immediately<\/strong><\/span><\/h4>\n\n\n\n<p>If you suspect a phishing email:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do not click links or open attachments.<\/li>\n\n\n\n<li>Check the sender address carefully; many scams use addresses that replace one character or add extra words.<\/li>\n\n\n\n<li>Access QuickBooks, Intuit, or IRS portals only via bookmarks or typed URLs, never through email links.<\/li>\n\n\n\n<li>Report the email to your internal IT or security contact and to the appropriate reporting address (for IRS, that includes forwarding to <strong>phishing@irs.gov<\/strong>).<\/li>\n<\/ul>\n\n\n\n<p>For <a href=\"https:\/\/verito.com\/blog\/download-and-install-quickbooks-desktop\/\" target=\"_blank\" rel=\"dofollow\" ><strong>QuickBooks Desktop<\/strong><\/a> environments, have a hard rule that staff never open QuickBooks company files or backups received directly by email. Use secure portals instead.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-background\" id=\"h-3-text-message-and-social-media-irs-scams\" style=\"background-color:#7de198\"><span id=\"3-text-message-and-social-media-irs-scams\"><strong>3. 
Text Message and Social Media IRS Scams<\/strong><\/span><\/h3>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-it-is-1\"><span id=\"what-it-is-3\"><strong>What it is<\/strong><\/span><\/h4>\n\n\n\n<p>Short text messages (smishing) or social media direct messages that claim to be from the IRS, your tax software provider, or even your bank, usually with a link to click.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-how-it-looks-in-real-life-1\"><span id=\"how-it-looks-in-real-life-3\"><strong>How it looks in real life<\/strong><\/span><\/h4>\n\n\n\n<p>Examples:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em>\u201cIRS: You are eligible for an additional refund. Complete your claim here: [shortened URL]\u201d<\/em><\/li>\n\n\n\n<li><em>\u201cQuickBooks: Your account has been locked due to suspicious login attempts. Verify now: [fake domain]\u201d<\/em><\/li>\n\n\n\n<li>DMs offering <em>\u201cpriority tax resolution\u201d<\/em> that ask for basic personal details before directing you to a payment link.<\/li>\n<\/ul>\n\n\n\n<p>The IRS has repeatedly warned that it <strong>does not<\/strong> initiate contact with taxpayers via text messages to request personal or financial information, or to ask for payment.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-why-it-works-during-tax-season-1\"><span id=\"why-it-works-during-tax-season-3\"><strong>Why it works during tax season<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Staff are often checking messages on their phones between client calls and appointments.<\/li>\n\n\n\n<li>Personal and work communications are mixed on the same device.<\/li>\n\n\n\n<li>Short messages with refund language encourage impulsive taps.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-to-do-immediately-1\"><span id=\"what-to-do-immediately-3\"><strong>What to do immediately<\/strong><\/span><\/h4>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>Do not click any link in an unexpected tax-related text or DM.<\/li>\n\n\n\n<li>Do not reply with <em>\u201cSTOP\u201d<\/em> or any other text, as that can confirm your number is active to scammers.<\/li>\n\n\n\n<li>Delete the message and, if needed, report it according to IRS and carrier guidance.<\/li>\n\n\n\n<li>For firm devices, enforce a policy that <a href=\"https:\/\/verito.com\/blog\/5-essential-data-security-protocols-every-accounting-firm-must-implement-in-2026\/\" target=\"_blank\" rel=\"dofollow\" ><strong>client tax information<\/strong><\/a> is never exchanged by SMS or social media messages.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading has-background\" id=\"h-4-fake-refund-or-verification-portals-including-malicious-ads\" style=\"background-color:#7de198\"><span id=\"4-fake-refund-or-verification-portals-including-malicious-ads\"><strong>4. Fake Refund or \u201cVerification\u201d Portals (Including Malicious Ads)<\/strong><\/span><\/h3>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-it-is-2\"><span id=\"what-it-is-4\"><strong>What it is<\/strong><\/span><\/h4>\n\n\n\n<p>Scam websites that imitate IRS, QuickBooks, or tax software login pages and refund claim portals. They are often reached through <a href=\"https:\/\/verito.com\/anti-phishing-software\" target=\"_blank\" rel=\"dofollow\" ><strong>phishing emails<\/strong><\/a> or malicious online ads.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-how-it-looks-in-real-life-2\"><span id=\"how-it-looks-in-real-life-4\"><strong>How it looks in real life<\/strong><\/span><\/h4>\n\n\n\n<p>A staff member in a rush searches for <em>\u201cQuickBooks login\u201d<\/em> or <em>\u201cQuickBooks tax support,\u201d<\/em> clicks the first ad, and lands on a cloned login page. 
The page looks real enough to get them to enter their credentials and sometimes even their MFA code.<\/p>\n\n\n\n<p>Reports have highlighted <a href=\"https:\/\/security.intuit.com\/phishing\" target=\"_blank\" rel=\"nofollow\" >QuickBooks-themed phishing campaigns<\/a> that abuse advertising platforms to direct users to fake login pages designed to steal credentials around tax deadlines. Once attackers have those credentials, they can log into real accounts, change bank details, or plant malware.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-why-it-works-during-tax-season-2\"><span id=\"why-it-works-during-tax-season-4\"><strong>Why it works during tax season<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>People search instead of using bookmarks when they are under time pressure.<\/li>\n\n\n\n<li>Ads often appear above the real organic result.<\/li>\n\n\n\n<li>The scam page is usually built to look almost identical to the real portal.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-to-do-immediately-2\"><span id=\"what-to-do-immediately-4\"><strong>What to do immediately<\/strong><\/span><\/h4>\n\n\n\n<p>If you suspect you landed on a fake portal:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Close the tab immediately.<\/li>\n\n\n\n<li>From a known good bookmark or manually typed URL, go to the official site and change your <a href=\"https:\/\/verito.com\/blog\/beyond-passwords-complete-client-data-security-for-accountants\/\" target=\"_blank\" rel=\"dofollow\" ><strong>password<\/strong><\/a> from a clean device.<\/li>\n\n\n\n<li>Review recent account activity and enable or confirm MFA.<\/li>\n\n\n\n<li>Notify your IT or hosting provider that credentials may have been exposed.<\/li>\n<\/ul>\n\n\n\n<p>For QuickBooks Desktop firms, standardize that all staff access hosting portals and vendor sites only via approved bookmarks or a password manager, not through search 
results.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-background\" id=\"h-5-tax-identity-theft-and-fraudulent-filing\" style=\"background-color:#7de198\"><span id=\"5-tax-identity-theft-and-fraudulent-filing\"><strong>5. Tax Identity Theft and Fraudulent Filing<\/strong><\/span><\/h3>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-it-is-3\"><span id=\"what-it-is-5\"><strong>What it is<\/strong><\/span><\/h4>\n\n\n\n<p>Criminals use stolen SSNs, ITINs, or EINs to file tax returns or claims before the legitimate taxpayer does, capturing refunds and sometimes creating a mess of notices and mismatched reporting.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-how-it-looks-in-real-life-3\"><span id=\"how-it-looks-in-real-life-5\"><strong>How it looks in real life<\/strong><\/span><\/h4>\n\n\n\n<p>Warning signs include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A client\u2019s e-file return is rejected because a return with their SSN has already been filed.<\/li>\n\n\n\n<li>The firm or client starts receiving <a href=\"https:\/\/verito.com\/blog\/cpa-firm-it-compliance\/\" target=\"_blank\" rel=\"dofollow\" ><strong>IRS notices<\/strong><\/a> about income from employers they never worked for.<\/li>\n\n\n\n<li>The IRS contacts the taxpayer about a refund they never received.<\/li>\n<\/ul>\n\n\n\n<p>The IRS notes that tax professionals are prime targets because compromising one firm can expose hundreds of taxpayers at once.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-why-it-works-during-tax-season-3\"><span id=\"why-it-works-during-tax-season-5\"><strong>Why it works during tax season<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Firms are handling large volumes of <a href=\"https:\/\/verito.com\/blog\/w-2-vs-w-4-difference\/\" target=\"_blank\" rel=\"dofollow\" ><strong>W-2<\/strong><\/a>, 1099, and payroll data.<\/li>\n\n\n\n<li>Some clients still send sensitive documents 
over unencrypted email.<\/li>\n\n\n\n<li>A single compromised mailbox can give attackers enough information to file fake returns quietly.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-to-do-immediately-3\"><span id=\"what-to-do-immediately-5\"><strong>What to do immediately<\/strong><\/span><\/h4>\n\n\n\n<p>If you suspect tax identity theft:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Follow the IRS identity theft procedures, which may include filing <a href=\"https:\/\/www.irs.gov\/dmaf\/form\/f14039\" target=\"_blank\" rel=\"nofollow\" ><strong>Form 14039<\/strong><\/a> (Identity Theft Affidavit) and following IRS instructions for affected taxpayers.<\/li>\n\n\n\n<li>Advise clients to monitor their IRS Online Account, credit reports, and bank statements.<\/li>\n\n\n\n<li>Conduct an internal review to determine whether the compromise might have involved your systems or communications channels.<\/li>\n\n\n\n<li>Tighten controls on how client data is sent, received, and stored.<\/li>\n<\/ul>\n\n\n\n<p>For firm leadership, treat potential identity theft as both a client service issue and a security incident that may intersect with your WISP and regulatory obligations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-background\" id=\"h-6-gift-card-wire-transfer-and-crypto-payment-demands\" style=\"background-color:#7de198\"><span id=\"6-gift-card-wire-transfer-and-crypto-payment-demands\"><strong>6. 
Gift Card, Wire Transfer, and Crypto Payment Demands<\/strong><\/span><\/h3>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-it-is-4\"><span id=\"what-it-is-6\"><strong>What it is<\/strong><\/span><\/h4>\n\n\n\n<p>Payment scams where callers or email senders insist that a tax debt or penalty must be paid using non-standard methods that are difficult to reverse, such as gift cards, peer-to-peer apps, or cryptocurrency.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-how-it-looks-in-real-life-4\"><span id=\"how-it-looks-in-real-life-6\"><strong>How it looks in real life<\/strong><\/span><\/h4>\n\n\n\n<p>Scammers may:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Direct you to buy a specific brand of gift card and read the numbers over the phone, claiming this will <em>\u201csettle your tax debt.\u201d<\/em><\/li>\n\n\n\n<li>Ask you to send a wire transfer to a personal account, often overseas.<\/li>\n\n\n\n<li>Push you to pay in cryptocurrency to avoid <em>\u201cadditional legal action.\u201d<\/em><\/li>\n<\/ul>\n\n\n\n<p>The IRS has been clear that it never demands immediate payment through the purchase of gift cards or crypto, and that such requests are a strong indicator of fraud.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-why-it-works-during-tax-season-4\"><span id=\"why-it-works-during-tax-season-6\"><strong>Why it works during tax season<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Firms deal with complex payment flows, including estimated tax payments, payroll tax deposits, and catch-up arrangements.<\/li>\n\n\n\n<li>Staff may not be familiar with every legitimate payment method and could be persuaded that this one is urgent or special.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-to-do-immediately-4\"><span id=\"what-to-do-immediately-6\"><strong>What to do immediately<\/strong><\/span><\/h4>\n\n\n\n<ul 
class=\"wp-block-list\">\n<li>Refuse any request to pay tax debts via gift cards, crypto, or wires to accounts not clearly documented on irs.gov.<\/li>\n\n\n\n<li>Terminate the call or email thread and verify directly with the IRS using official contact information.<\/li>\n\n\n\n<li>If payment details were already shared, contact your bank or card issuer at once and report the scam to the IRS and appropriate authorities.<\/li>\n<\/ul>\n\n\n\n<p>Internally, make it explicit in your policies that the firm never uses these channels for tax payments under any circumstance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-background\" id=\"h-7-new-client-onboarding-scam-targeting-accountants\" style=\"background-color:#7de198\"><span id=\"7-new-client-onboarding-scam-targeting-accountants\"><strong>7. \u201cNew Client Onboarding\u201d Scam Targeting Accountants<\/strong><\/span><\/h3>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-it-is-5\"><span id=\"what-it-is-7\"><strong>What it is<\/strong><\/span><\/h4>\n\n\n\n<p>Scammers pose as prospective clients and use the <em>\u201cdiscovery\u201d<\/em> and <a href=\"https:\/\/verito.com\/managed-it-onboarding\" target=\"_blank\" rel=\"dofollow\" ><strong>onboarding process<\/strong><\/a> to get you to open malicious attachments or click unsafe links.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-how-it-looks-in-real-life-5\"><span id=\"how-it-looks-in-real-life-7\"><strong>How it looks in real life<\/strong><\/span><\/h4>\n\n\n\n<p>You receive an email like:<\/p>\n\n\n\n<p><em>\u201cHello, we are looking for a CPA to handle our 2024 business and personal tax returns. I have attached last year\u2019s QuickBooks backup and tax returns for your review.\u201d<\/em><\/p>\n\n\n\n<p>The attachment is a compressed file or a link to a cloud share. 
Once opened, it deploys malware or remote access tools on the user\u2019s machine.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-why-it-works-during-tax-season-5\"><span id=\"why-it-works-during-tax-season-7\"><strong>Why it works during tax season<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Firms are keen to win new clients and may relax scrutiny to avoid friction.<\/li>\n\n\n\n<li>Onboarding processes are sometimes informal, especially for smaller firms.<\/li>\n\n\n\n<li>Staff may assume that reviewing attachments is a normal first step.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-to-do-immediately-5\"><span id=\"what-to-do-immediately-7\"><strong>What to do immediately<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do not open unsolicited attachments, especially compressed archives or executable files.<\/li>\n\n\n\n<li>Require potential clients to upload documents only through a secure portal with malware scanning.<\/li>\n\n\n\n<li>Scan any uploaded QuickBooks files in a controlled environment before opening them in production.<\/li>\n<\/ul>\n\n\n\n<p>For QuickBooks Desktop, treat unknown company files like potentially hostile code until proven safe.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-background\" id=\"h-8-quickbooks-malvertising-fake-support-and-remote-takeover\" style=\"background-color:#7de198\"><span id=\"8-quickbooks-malvertising-fake-support-and-remote-takeover\"><strong>8. 
QuickBooks Malvertising, Fake Support, and Remote Takeover<\/strong><\/span><\/h3>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-it-is-6\"><span id=\"what-it-is-8\"><strong>What it is<\/strong><\/span><\/h4>\n\n\n\n<p>Scams that combine fake <a href=\"https:\/\/verito.com\/blog\/quickbooks-in-the-cloud\/\" target=\"_blank\" rel=\"dofollow\" ><strong>QuickBooks support<\/strong><\/a> ads, alarming pop-ups, and remote access tools to gain control of your systems and company files.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-how-it-looks-in-real-life-6\"><span id=\"how-it-looks-in-real-life-8\"><strong>How it looks in real life<\/strong><\/span><\/h4>\n\n\n\n<p>Scenarios include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>While working in QuickBooks, a user sees a pop-up claiming that their company file is corrupted or their license is invalid and that they must call a listed number.<\/li>\n\n\n\n<li>A search for <em>\u201cQuickBooks support number\u201d<\/em> returns a malicious ad; the person who answers claims to be from Intuit or a trusted partner.<\/li>\n\n\n\n<li>The <em>\u201csupport\u201d<\/em> agent asks the user to install a remote access tool, then browses files, installs additional software, or redirects them to <a href=\"https:\/\/verito.com\/blog\/reduce-check-fraud-in-your-business-with-positive-pay-the-treasury-software-solution-for-quickbooks\/\" target=\"_blank\" rel=\"dofollow\" ><strong>fraudulent payment<\/strong><\/a> sites.<\/li>\n<\/ul>\n\n\n\n<p>Once attackers have remote control, they can access QuickBooks company files, browser sessions, and stored passwords.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-why-it-works-during-tax-season-6\"><span id=\"why-it-works-during-tax-season-8\"><strong>Why it works during tax season<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Any disruption to QuickBooks during deadlines feels catastrophic, so staff grab at the first 
<em>\u201csupport\u201d<\/em> option they see.<\/li>\n\n\n\n<li>Firms that rely on a mix of local desktops and ad-hoc remote tools have little visibility into what gets installed.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-what-to-do-immediately-6\"><span id=\"what-to-do-immediately-8\"><strong>What to do immediately<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If a pop-up appears, close QuickBooks and the browser, and contact your known support channels directly using numbers from official documentation.<\/li>\n\n\n\n<li>Never call numbers presented in pop-ups or unsolicited ads.<\/li>\n\n\n\n<li>Never install remote access tools or grant remote control unless you have verified the identity of the support provider and the session is authorized by your firm.<\/li>\n\n\n\n<li>If you suspect a fake support interaction occurred, disconnect the affected machine from the network and involve IT or your hosting provider immediately.<\/li>\n<\/ul>\n\n\n\n<p>Before we move into QuickBooks-specific risk points and structural defenses, this is a natural moment to address the underlying pattern: almost <a href=\"https:\/\/verito.com\/blog\/strategic-it-management-for-tax-accounting-firms-compliance-security-and-performance\/\" target=\"_blank\" rel=\"dofollow\" ><strong>every scam<\/strong><\/a> above gets worse when you have scattered desktops, shared logins, and unmonitored remote access.<\/p>\n\n\n\n<p>If your goal is to make most of these attacks boring non-events instead of emergencies, <a href=\"https:\/\/verito.com\/hosting\/quickbooks\" target=\"_blank\" rel=\"dofollow\" ><strong>QuickBooks hosting<\/strong><\/a><strong> <\/strong>that centralizes your desktops, locks down access, and gives you predictable support is often the best default for small and mid-sized firms. 
This is where <strong>Verito<\/strong> should be your first call, because it is built specifically for accounting workloads and busy season risk, not generic small business use.<\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-quickbooks-specific-risk-points-during-busy-season\"><span id=\"quickbooks-specific-risk-points-during-busy-season\"><strong>QuickBooks-specific Risk Points During Busy Season<\/strong><\/span><\/h2>\n\n\n\n<p>Most tax season scams rely on the same weaknesses inside firms, not new hacking tricks. For QuickBooks Desktop users, a handful of operational habits make it much easier for criminals to turn a phishing email or fake support call into a full-blown incident.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-shared-logins-and-weak-passwords\"><span id=\"1-shared-logins-and-weak-passwords\"><strong>1. Shared Logins and Weak Passwords<\/strong><\/span><\/h3>\n\n\n\n<p>Many small firms still run QuickBooks Desktop with:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A single admin login shared by multiple staff.<\/li>\n\n\n\n<li>Simple passwords that rarely change.<\/li>\n\n\n\n<li>The same password reused across QuickBooks, email, and bank portals.<\/li>\n<\/ul>\n\n\n\n<p>That setup is convenient during crunch time, but it dramatically increases the blast radius of a single stolen credential. If an attacker tricks one person into entering that shared password on a fake QuickBooks or hosting login page, the attacker effectively holds the keys to every company file that account can reach.<\/p>\n\n\n\n<p>From a scammer\u2019s perspective, this is ideal. 
One successful phishing email can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Give them access to multiple client books.<\/li>\n\n\n\n<li>Let them change bank details or vendor info.<\/li>\n\n\n\n<li>Allow them to install or <a href=\"https:\/\/verito.com\/blog\/top-cybersecurity-stats-for-2026-a-must-read\/\" target=\"_blank\" rel=\"dofollow\" ><strong>launch malware<\/strong><\/a> from inside your environment.<\/li>\n<\/ul>\n\n\n\n<p>For a small or mid-sized firm, the fix is straightforward even if it takes some effort:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Require unique QuickBooks logins for each person.<\/li>\n\n\n\n<li>Restrict admin rights to as few users as possible.<\/li>\n\n\n\n<li>Turn on multi-factor authentication wherever your hosting or remote access platform allows it.<\/li>\n\n\n\n<li>Use a password manager to keep staff out of the habit of reusing simple passwords.<\/li>\n<\/ul>\n\n\n\n<p>In practical terms, treating shared QuickBooks admin logins as an emergency measure instead of the default setting will remove a lot of the leverage scammers get from one successful phish.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-2-staff-using-personal-and-unmanaged-devices\"><span id=\"2-staff-using-personal-and-unmanaged-devices\"><strong>2. Staff Using Personal and Unmanaged Devices<\/strong><\/span><\/h3>\n\n\n\n<p>Many firms quietly depend on personal laptops and home PCs to get through tax season. 
That creates several problems at once:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>No consistent antivirus or endpoint protection.<\/li>\n\n\n\n<li>Inconsistent patching for <a href=\"https:\/\/verito.com\/blog\/which-is-better-a-linux-server-or-windows-server\/\" target=\"_blank\" rel=\"dofollow\" ><strong>Windows<\/strong><\/a> and QuickBooks updates.<\/li>\n\n\n\n<li>Unknown browser extensions and toolbars that can inject fake alerts or ads.<\/li>\n\n\n\n<li>Family members who also use the device.<\/li>\n<\/ul>\n\n\n\n<p>If a staff member clicks a fake QuickBooks support ad or IRS phishing link on a personal device that also connects into your QuickBooks environment, you have no real visibility into what was installed or what data was accessed.<\/p>\n\n\n\n<p>For QuickBooks Desktop in particular, unmanaged devices create risk when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Remote access to office machines is allowed from any endpoint.<\/li>\n\n\n\n<li>Company files are synced through generic file sharing tools to personal machines.<\/li>\n\n\n\n<li>Staff open emailed backups or tax documents on home computers.<\/li>\n<\/ul>\n\n\n\n<p>To cut this risk without overhauling everything overnight, firms can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Limit QuickBooks access to a controlled set of devices.<\/li>\n\n\n\n<li>Require that any device used for QuickBooks work is enrolled in <a href=\"https:\/\/verito.com\/blog\/5-essential-data-security-protocols-every-accounting-firm-must-implement-in-2026\/\" target=\"_blank\" rel=\"dofollow\" ><strong>basic security controls<\/strong><\/a> and patching.<\/li>\n\n\n\n<li>Treat exceptions for personal devices as temporary and documented, not permanent and invisible.<\/li>\n<\/ul>\n\n\n\n<p>Centralized QuickBooks hosting helps here because staff connect into a managed environment, but you still need basic hygiene on the endpoints that initiate those sessions.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"h-3-emailing-quickbooks-company-files-and-tax-attachments\"><span id=\"3-emailing-quickbooks-company-files-and-tax-attachments\"><strong>3. Emailing QuickBooks Company Files and Tax Attachments<\/strong><\/span><\/h3>\n\n\n\n<p>Email is still the default file transport for many practices. It is also a common starting point for tax scams and data theft.<\/p>\n\n\n\n<p>Typical patterns include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Clients emailing full QuickBooks backups or portable files as attachments.<\/li>\n\n\n\n<li>Firms sending finalized returns, W-2s, and 1099s as unencrypted PDFs.<\/li>\n\n\n\n<li>Staff forwarding tax documents between personal and work inboxes to <em>\u201c<\/em><a href=\"https:\/\/verito.com\/blog\/remote-work-accepting-the-new-normal\/\" target=\"_blank\" rel=\"dofollow\" ><strong><em>work from home<\/em><\/strong><\/a><em> tonight\u201d<\/em>.<\/li>\n<\/ul>\n\n\n\n<p>If an attacker compromises one mailbox, they gain:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Historical tax returns with full SSNs and financial details.<\/li>\n\n\n\n<li>Attached QuickBooks company files they can open or tamper with.<\/li>\n\n\n\n<li>Enough context to craft believable phishing emails to your clients.<\/li>\n<\/ul>\n\n\n\n<p>From a tax scam standpoint, this also makes it easy for criminals to file fraudulent returns or send fake <em>\u201cwe changed bank accounts, pay here\u201d<\/em> messages that look convincing because they reference real data.<\/p>\n\n\n\n<p>Concrete improvements include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mandating secure client portals for sending and receiving QuickBooks files and tax documents.<\/li>\n\n\n\n<li>Prohibiting the use of personal email accounts for client work.<\/li>\n\n\n\n<li>Setting message size limits that discourage or block large attachment workflows.<\/li>\n\n\n\n<li>Training staff that <em>\u201cemailing the QBW or QBB\u201d<\/em> is no longer acceptable for production 
data.<\/li>\n<\/ul>\n\n\n\n<p>When that policy is enforced, a phishing attacker who compromises a single mailbox has far less to work with.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-4-seasonal-staff-and-temporary-access-chaos\"><span id=\"4-seasonal-staff-and-temporary-access-chaos\"><strong>4. Seasonal Staff and Temporary Access Chaos<\/strong><\/span><\/h3>\n\n\n\n<p>Tax season often means:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Temporary preparers<\/li>\n\n\n\n<li>Offshore or <a href=\"https:\/\/verito.com\/industries\/bookkeepers\" target=\"_blank\" rel=\"dofollow\" ><strong>contract bookkeepers<\/strong><\/a><\/li>\n\n\n\n<li>Administrative staff helping with document intake and basic data entry.<\/li>\n<\/ul>\n\n\n\n<p>If access is granted ad-hoc, those users can end up with:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Broad QuickBooks permissions they do not really need.<\/li>\n\n\n\n<li>Persistent accounts that remain active long after they leave.<\/li>\n\n\n\n<li>Credentials that are never rotated because <em>\u201cwe might need them again next season\u201d<\/em>.<\/li>\n<\/ul>\n\n\n\n<p>That environment is attractive to attackers because dormant or forgotten accounts are rarely monitored closely and may not be tied to a specific person.<\/p>\n\n\n\n<p>To reduce this exposure:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Issue time-bound accounts for seasonal staff with end dates.<\/li>\n\n\n\n<li>Map each seasonal role to a minimal QuickBooks permission set.<\/li>\n\n\n\n<li>Remove or disable accounts as soon as contracts end.<\/li>\n\n\n\n<li>Keep a simple access register that lists who can log into what during the busy season.<\/li>\n<\/ul>\n\n\n\n<p>If a scammer compromises a seasonal user\u2019s email or workstation, having their QuickBooks access constrained can be the difference between a contained incident and a firm-wide compromise.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"h-5-remote-access-chaos-and-overlapping-tools\"><span id=\"5-remote-access-chaos-and-overlapping-tools\"><strong>5. Remote Access Chaos and Overlapping Tools<\/strong><\/span><\/h3>\n\n\n\n<p>A lot of QuickBooks environments grew organically:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>VPNs for some users.<\/li>\n\n\n\n<li>Direct RDP for others.<\/li>\n\n\n\n<li>Ad-hoc remote tools installed by local IT or past vendors.<\/li>\n\n\n\n<li>Third-party <em>\u201csupport\u201d<\/em> tools installed during urgent troubleshooting.<\/li>\n<\/ul>\n\n\n\n<p>From a scammer\u2019s point of view, this remote access sprawl is pure opportunity. If they can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Convince a user to install one more <a href=\"https:\/\/verito.com\/remote-access\" target=\"_blank\" rel=\"dofollow\" ><strong>remote access tool<\/strong><\/a> during a fake support call.<\/li>\n\n\n\n<li>Abuse existing RDP or VPN credentials harvested via phishing.<\/li>\n\n\n\n<li>Walk through half a dozen open inbound ports to reach your server.<\/li>\n<\/ul>\n\n\n\n<p>they now sit inside your network next to QuickBooks company files and tax documents.<\/p>\n\n\n\n<p>A more controlled approach looks like this:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Standardize on a single, approved method for remote access into QuickBooks.<\/li>\n\n\n\n<li>Remove legacy or duplicate remote tools from desktops and servers.<\/li>\n\n\n\n<li>Block staff from installing their own remote control software without admin approval.<\/li>\n\n\n\n<li>Regularly review remote access logs for unusual connection times or locations.<\/li>\n<\/ul>\n\n\n\n<p>In a small firm, this can be as simple as <em>\u201ceveryone uses the same hosting portal and nothing else.\u201d<\/em> That alone removes a lot of uncertainty when a suspicious session or support call appears.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-why-secure-quickbooks-hosting-is-the-recommended-default-for-busy-season\"><span 
id=\"why-secure-quickbooks-hosting-is-the-recommended-default-for-busy-season\"><strong>Why Secure QuickBooks Hosting is the Recommended Default for Busy Season<\/strong><\/span><\/h3>\n\n\n\n<p>All of these risk points share a theme: too many copies of QuickBooks, too many ways to reach it, and too little control over who can do what. Moving QuickBooks Desktop into a secure, <a href=\"https:\/\/verito.com\/hosting\" target=\"_blank\" rel=\"dofollow\" ><strong>centralized hosting environment<\/strong><\/a> does not magically stop tax scams, but it changes the outcome when something goes wrong.<\/p>\n\n\n\n<p>With a provider that is built specifically for accounting firms, you can expect:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/verito.com\/blog\/soc-2-compliance\/\" target=\"_blank\" rel=\"dofollow\" ><strong>SOC 2 Type II<\/strong><\/a> certified infrastructure and isolated customer environments that align with FTC Safeguards Rule and IRS Publication 4557 expectations.<\/li>\n\n\n\n<li><strong>100 percent uptime<\/strong> and dedicated resources so you are not fighting slow systems while trying to respond to a potential scam.<\/li>\n\n\n\n<li>Multi-factor authentication, access control, and logging handled as part of the platform instead of something each firm has to assemble on its own.<\/li>\n\n\n\n<li>24&#215;7 support from engineers who understand QuickBooks and tax workflows, so staff are less tempted to call whatever <em>\u201cQuickBooks support\u201d<\/em> number they see in an ad.<\/li>\n<\/ul>\n\n\n\n<p>If your goal is to handle tax season with the fewest surprises, a specialized QuickBooks hosting platform like <strong>Verito<\/strong> is often the safest default. 
It reduces how many doors scammers can walk through and gives you a single place to harden, monitor, and recover if someone still clicks the wrong link.<\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-to-do-if-you-already-interacted-with-a-scam\"><span id=\"what-to-do-if-you-already-interacted-with-a-scam\"><strong>What To Do if You Already Interacted With a Scam<\/strong><strong><\/strong><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"700\" src=\"http:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/What-To-Do-if-You-Already-Interacted-With-a-Scam-1024x700.jpg\" alt=\"What To Do if You Already Interacted With a Scam\" class=\"wp-image-5708\" srcset=\"https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/What-To-Do-if-You-Already-Interacted-With-a-Scam-1024x700.jpg 1024w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/What-To-Do-if-You-Already-Interacted-With-a-Scam-300x205.jpg 300w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/What-To-Do-if-You-Already-Interacted-With-a-Scam-768x525.jpg 768w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/What-To-Do-if-You-Already-Interacted-With-a-Scam-380x260.jpg 380w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/What-To-Do-if-You-Already-Interacted-With-a-Scam-800x547.jpg 800w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/What-To-Do-if-You-Already-Interacted-With-a-Scam-1160x793.jpg 1160w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/What-To-Do-if-You-Already-Interacted-With-a-Scam-150x103.jpg 150w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/What-To-Do-if-You-Already-Interacted-With-a-Scam.jpg 1500w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Even careful firms make mistakes during tax season. 
Someone clicks a link in a hurry, opens an attachment from a <em>\u201cnew client,\u201d<\/em> or a partner pays something <em>\u201cjust to be safe.\u201d<\/em> The damage gets worse when people hide it or are unsure what to do.<\/p>\n\n\n\n<p>You need a simple rule: if anything feels off, report it immediately and follow a checklist. The steps below are general guidance and do not replace IRS instructions, bank procedures, or legal advice, but they give your team a clear starting point.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-if-you-clicked-a-link\"><span id=\"1-if-you-clicked-a-link\"><strong>1. If You Clicked a Link<\/strong><\/span><\/h3>\n\n\n\n<p>Treat any suspicious click as a potential compromise, even if nothing obvious happens.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-immediate-steps\"><span id=\"immediate-steps\"><strong>Immediate steps<\/strong><\/span><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Stop using that browser tab and close it.<\/li>\n\n\n\n<li>From a different, known clean tab or browser, change the password for the affected account (QuickBooks, email, bank, hosting portal), going directly to the official site via a bookmark or manually typed URL.<\/li>\n\n\n\n<li>Enable or confirm multi-factor authentication (MFA) on the account if it is available.<\/li>\n\n\n\n<li>Notify your IT team or hosting provider that a suspicious link was clicked, including:<br>\n<ul class=\"wp-block-list\">\n<li>Who clicked<\/li>\n\n\n\n<li>Approximate time<\/li>\n\n\n\n<li>What the message claimed to be (IRS notice, QuickBooks invoice, support alert)<br><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Review recent activity in the account for:<br>\n<ul class=\"wp-block-list\">\n<li>New or unknown devices<\/li>\n\n\n\n<li>Login attempts from unusual locations<\/li>\n\n\n\n<li>Changes to security settings, bank details, or user access<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p>For QuickBooks Desktop firms on hosted environments, open a 
ticket with your hosting provider so they can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Check logs for unusual login patterns.<\/li>\n\n\n\n<li>Look for suspicious processes or connections originating from that session.<\/li>\n<\/ul>\n\n\n\n<p>Make it a firm policy that <em>\u201cI might have clicked something bad\u201d<\/em> is always a safe thing to say, not something staff fear admitting.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-2-if-you-downloaded-or-opened-an-attachment\"><span id=\"2-if-you-downloaded-or-opened-an-attachment\"><strong>2. If You Downloaded or Opened an Attachment<\/strong><\/span><\/h3>\n\n\n\n<p>Attachments are a common delivery path for malware and remote access tools, especially when they claim to be QuickBooks backups, W-2s, 1099s, or prior-year returns.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-immediate-steps-0\"><span id=\"immediate-steps-2\"><strong>Immediate steps<\/strong><\/span><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Disconnect the affected device from the network.\n<ul class=\"wp-block-list\">\n<li>Unplug the Ethernet cable or turn off Wi-Fi.<\/li>\n\n\n\n<li>Do not power the machine off unless directed by IT, because you may lose useful forensic information.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Call your IT team or hosting provider right away and explain exactly what was opened and from where.<\/li>\n\n\n\n<li>Run a full antivirus and <a href=\"https:\/\/verito.com\/blog\/cybersecurity-for-accounting-firms-guide\/\" target=\"_blank\" rel=\"dofollow\" ><strong>endpoint protection<\/strong><\/a> scan on the device, using tools approved by your IT team.<\/li>\n\n\n\n<li>Do not log into banking, QuickBooks, or email from that device until IT confirms it is clean or has been rebuilt.<\/li>\n\n\n\n<li>Have IT review installed programs and remote access tools to look for anything unexpected that may have been added during or after opening the 
file.<\/li>\n<\/ol>\n\n\n\n<p>If the attachment was a supposed QuickBooks file:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do not move it into production folders or open it on servers that hold live company files.<\/li>\n\n\n\n<li>Treat it as untrusted until it has been scanned in a controlled environment.<\/li>\n<\/ul>\n\n\n\n<p>Once IT or your provider has assessed the machine, follow their guidance on password resets and any additional monitoring needed for accounts accessed from that device.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-3-if-you-shared-sensitive-information\"><span id=\"3-if-you-shared-sensitive-information\"><strong>3. If You Shared Sensitive Information<\/strong><\/span><\/h3>\n\n\n\n<p>What you shared matters. There is a difference between giving out a general email address versus reading off a full SSN, EIN, or bank routing and account number.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-1-if-you-shared-login-credentials\"><span id=\"1-if-you-shared-login-credentials\"><strong>1. 
If you shared login credentials<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Immediately change the password<\/strong> from a known clean device using the official site or app.<\/li>\n\n\n\n<li><strong>Invalidate remembered sessions<\/strong> where the platform allows it, so any logged in attacker is kicked out.<\/li>\n\n\n\n<li><a href=\"https:\/\/verito.com\/blog\/5-essential-data-security-protocols-every-accounting-firm-must-implement-in-2026\/\" target=\"_blank\" rel=\"dofollow\" ><strong>Turn on MFA<\/strong><\/a> if it was not already enabled.<\/li>\n\n\n\n<li><strong>Review recent activity and access logs<\/strong> for suspicious logins, locations, or changes.<\/li>\n<\/ul>\n\n\n\n<p>Do this for every system where the same or similar credentials were used, especially:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Email<\/li>\n\n\n\n<li>QuickBooks hosting or remote desktop portals<\/li>\n\n\n\n<li>Bank and payroll portals<\/li>\n\n\n\n<li><a href=\"https:\/\/verito.com\/hosting\/smartvault\" target=\"_blank\" rel=\"dofollow\" ><strong>Document management<\/strong><\/a> or client portals<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-2-if-you-shared-ssns-itins-or-other-tax-id-details\"><span id=\"2-if-you-shared-ssns-itins-or-other-tax-id-details\"><strong>2. 
If you shared SSNs, ITINs, or other tax ID details<\/strong><\/span><\/h4>\n\n\n\n<p>Follow IRS identity theft procedures for the affected taxpayer:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Instruct the taxpayer to review their IRS Online Account for any unfamiliar activity.<\/li>\n\n\n\n<li>If a return is rejected because one is already filed under their SSN, follow IRS guidance on filing with an <strong>Identity Theft Affidavit (Form 14039)<\/strong> and responding to specific notices.<\/li>\n\n\n\n<li>Advise them to monitor credit reports and consider placing fraud alerts or credit freezes through the major credit bureaus.<\/li>\n<\/ul>\n\n\n\n<p>Internally, treat this as a potential data incident:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Document what was shared, when, and to whom.<\/li>\n\n\n\n<li>Review whether the information came from firm systems that may also need investigation.<\/li>\n\n\n\n<li>Consult your WISP, FTC Safeguards policies, or legal counsel on any notification obligations.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-3-if-you-shared-bank-or-card-details\"><span id=\"3-if-you-shared-bank-or-card-details\"><strong>3. If you shared bank or card details<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Contact the bank or card issuer immediately, explain the situation, and ask them to monitor for or block suspicious transactions.<\/li>\n\n\n\n<li>Review recent transactions with them and dispute any fraudulent charges according to their procedures.<\/li>\n\n\n\n<li>Update payment information on IRS accounts or payroll systems if there is any chance those details were altered.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-4-if-you-sent-money\"><span id=\"4-if-you-sent-money\"><strong>4. 
If You Sent Money<\/strong><\/span><\/h3>\n\n\n\n<p>Once funds leave your account, speed matters.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-1-if-you-paid-by-card-or-bank-transfer\"><span id=\"1-if-you-paid-by-card-or-bank-transfer\"><strong>1. If you paid by card or bank transfer<\/strong><\/span><\/h4>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Call your bank or card issuer right away.<strong><br><\/strong>\n<ul class=\"wp-block-list\">\n<li>For cards, ask to dispute the charge and have the card cancelled and reissued.<\/li>\n\n\n\n<li>For bank transfers, ask if the transfer can be reversed or frozen and follow their fraud procedures.<br><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Document everything<\/strong> while it is fresh:<br>\n<ul class=\"wp-block-list\">\n<li>Phone numbers, email addresses, websites, and names used.<\/li>\n\n\n\n<li>Exact amounts paid and methods used.<\/li>\n\n\n\n<li>Screenshots of emails, texts, or popups.<br><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Report the scam<\/strong> to the IRS using the appropriate channels for tax scams and, where applicable, to:<br>\n<ul class=\"wp-block-list\">\n<li>The Federal Trade Commission (FTC)<\/li>\n\n\n\n<li>Local law enforcement or other agencies your counsel recommends<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading has-medium-font-size\" id=\"h-2-if-you-used-gift-cards-or-crypto\"><span id=\"2-if-you-used-gift-cards-or-crypto\"><strong>2. If you used gift cards or crypto<\/strong><\/span><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Contact the company that issued the gift cards immediately. 
Some have processes to freeze cards that have not yet been redeemed, although recovery rates are generally low.<\/li>\n\n\n\n<li>For crypto transfers, recovery is usually unlikely, but your bank, law enforcement, or counsel may still recommend reporting and documenting the incident for regulatory and insurance reasons.<\/li>\n<\/ul>\n\n\n\n<p>From a firm perspective, any situation where you paid money in response to a supposed IRS, QuickBooks, or support request should trigger:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A quick internal incident review.<\/li>\n\n\n\n<li>A look at whether <a href=\"https:\/\/verito.com\/security-awareness-training\" target=\"_blank\" rel=\"dofollow\" ><strong>staff training<\/strong><\/a> or procedures need to change.<\/li>\n\n\n\n<li>A check on whether attackers may also have gained access to systems, not just funds.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-when-to-involve-your-hosting-provider-it-and-legal-counsel\"><span id=\"when-to-involve-your-hosting-provider-it-and-legal-counsel\"><strong>When to Involve Your Hosting Provider, IT, and Legal Counsel<\/strong><\/span><\/h3>\n\n\n\n<p>As a simple guideline:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Always involve IT or your hosting provider if a link was clicked, an attachment opened, or a suspicious support session occurred on a device that touches QuickBooks or client data.<\/li>\n\n\n\n<li>Involve <a href=\"https:\/\/verito.com\/industries\/legal\" target=\"_blank\" rel=\"dofollow\" ><strong>legal counsel<\/strong><\/a> or compliance advisors when:<br>\n<ul class=\"wp-block-list\">\n<li>SSNs, EINs, or large volumes of client data may have been exposed.<\/li>\n\n\n\n<li>There is a realistic chance of regulatory or contractual notification obligations.<\/li>\n\n\n\n<li>You are unsure how much detail to share with affected clients and insurers.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>Your goal is not to hide incidents. 
It is to contain them quickly, meet your obligations, and adjust your systems so the same scam is much harder to pull off next time.<\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-to-reduce-your-risk-before-deadlines-hit\"><span id=\"how-to-reduce-your-risk-before-deadlines-hit\"><strong>How to Reduce Your Risk Before Deadlines Hit<\/strong><strong><\/strong><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"597\" data-id=\"5709\" src=\"http:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-to-Reduce-Your-Risk-Before-Deadlines-Hit-1024x597.jpg\" alt=\"How to Reduce Your Risk Before Deadlines Hit\" class=\"wp-image-5709\" srcset=\"https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-to-Reduce-Your-Risk-Before-Deadlines-Hit-1024x597.jpg 1024w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-to-Reduce-Your-Risk-Before-Deadlines-Hit-300x175.jpg 300w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-to-Reduce-Your-Risk-Before-Deadlines-Hit-768x448.jpg 768w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-to-Reduce-Your-Risk-Before-Deadlines-Hit-380x222.jpg 380w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-to-Reduce-Your-Risk-Before-Deadlines-Hit-800x467.jpg 800w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-to-Reduce-Your-Risk-Before-Deadlines-Hit-1160x677.jpg 1160w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-to-Reduce-Your-Risk-Before-Deadlines-Hit-150x88.jpg 150w, https:\/\/verito.com\/blog\/wp-content\/uploads\/2026\/03\/How-to-Reduce-Your-Risk-Before-Deadlines-Hit.jpg 1500w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" 
\/><\/figure>\n<\/figure>\n\n\n\n<p>You cannot control when scammers attack, but you can control how much damage they can do when someone slips up. The goal is not to scare staff into never clicking anything. The goal is to design your QuickBooks and tax environment so that one mistake is a contained event, not a firm-wide crisis.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-1-tighten-access-control-around-quickbooks-and-tax-apps\"><span id=\"1-tighten-access-control-around-quickbooks-and-tax-apps\"><strong>1. Tighten Access Control Around QuickBooks and Tax Apps<\/strong><\/span><\/h3>\n\n\n\n<p>Start with who can log in and what they can touch.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Give every user their own QuickBooks login instead of sharing a generic <em>\u201cAdmin\u201d<\/em> account.<\/li>\n\n\n\n<li>Remove QuickBooks access for anyone who does not need it during tax season, especially old vendors, ex-staff, and seasonal workers from prior years.<\/li>\n\n\n\n<li>Turn on multi-factor authentication wherever you can: hosting portals, remote desktop gateways, email, bank portals, and document management systems.<\/li>\n\n\n\n<li>Apply least privilege in practice: bookkeepers do not need full admin rights, and seasonal staff do not need to see every client.<\/li>\n<\/ul>\n\n\n\n<p>For QuickBooks Desktop on hosted infrastructure, use the provider\u2019s access controls as your central switchboard instead of managing dozens of desktops one-by-one.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-2-backups-recovery-points-and-ransomware-readiness\"><span id=\"2-backups-recovery-points-and-ransomware-readiness\"><strong>2. Backups, Recovery Points, and Ransomware Readiness<\/strong><\/span><\/h3>\n\n\n\n<p>Scammers are not just hunting for refunds and card numbers. 
Ransomware gangs still target professional services routinely, including accounting and legal firms, because they know you cannot afford <a href=\"https:\/\/verito.com\/blog\/what-is-server-downtime-and-how-you-can-prevent-it\/\" target=\"_blank\" rel=\"dofollow\" ><strong>downtime<\/strong><\/a> in March and April.<\/p>\n\n\n\n<p>You want two outcomes if ransomware ever hits:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>You can recover QuickBooks data from recent, tested backups.<\/li>\n\n\n\n<li>You do not have to pay criminals to get back to work.<\/li>\n<\/ol>\n\n\n\n<p>Concretely, that means:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Daily backups<\/strong> of QuickBooks company files with retention that spans at least the entire busy season.<\/li>\n\n\n\n<li><strong>Immutable or off-site copies<\/strong> that cannot be encrypted by the same attack that hits your production servers.<\/li>\n\n\n\n<li><a href=\"https:\/\/verito.com\/blog\/backup-and-disaster-recovery\/\" target=\"_blank\" rel=\"dofollow\" ><strong>Regular test restores<\/strong><\/a> so you know how long it would actually take to bring a firm back online.<\/li>\n\n\n\n<li><strong>Documented procedures<\/strong> so staff know who decides on failover or restore during an incident.<\/li>\n<\/ul>\n\n\n\n<p>If you are using a managed QuickBooks hosting provider, ask specific questions:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How often are backups taken and how long are they kept?<\/li>\n\n\n\n<li>Are backups segregated from the main environment?<\/li>\n\n\n\n<li>How quickly can they restore a single company file or an entire environment?<\/li>\n<\/ul>\n\n\n\n<p>Do not accept vague reassurances. Get concrete numbers and processes.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-3-patching-hardening-and-basic-endpoint-hygiene\"><span id=\"3-patching-hardening-and-basic-endpoint-hygiene\"><strong>3. 
Patching, Hardening, and Basic Endpoint Hygiene<\/strong><\/span><\/h3>\n\n\n\n<p>Most tax season scam payloads rely on something simple being out of date: the browser, the OS, or a plugin.<\/p>\n\n\n\n<p>At a minimum:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep Windows and macOS updated on all devices used to access QuickBooks and tax apps.<\/li>\n\n\n\n<li>Apply QuickBooks updates and critical patches in a controlled way, ideally in a test environment first, then in production.<\/li>\n\n\n\n<li>Remove unnecessary browser extensions and software that could inject ads or malicious scripts.<\/li>\n\n\n\n<li>Standardize antivirus and endpoint protection across firm machines rather than letting everyone choose their own tools.<\/li>\n<\/ul>\n\n\n\n<p>If you use QuickBooks on a dedicated hosting platform, much of the OS level patching is handled for you, but you still need to enforce patching and protection on local laptops and desktops that initiate remote sessions.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-4-security-policies-wisp-and-compliance-alignment\"><span id=\"4-security-policies-wisp-and-compliance-alignment\"><strong>4. Security Policies, WISP, and Compliance Alignment<\/strong><\/span><\/h3>\n\n\n\n<p>Scams create technical risk and compliance risk at the same time. 
The IRS and FTC both expect tax professionals to have documented security programs, not just informal <em>\u201cwe try to be careful\u201d<\/em> habits.<\/p>\n\n\n\n<p>For a small or mid-sized firm, this usually means:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A written information security program (WISP) that spells out how you protect client data, who is responsible, and how incidents are handled.<\/li>\n\n\n\n<li>Controls that align with IRS Publication 4557 and the FTC Safeguards Rule: things like access control, encryption, incident response, and vendor management.<\/li>\n\n\n\n<li>Evidence that policies are actually implemented, such as user access reviews, training records, and incident logs.<\/li>\n<\/ul>\n\n\n\n<p>You do not need a hundred page manual nobody reads. You do need a short, accurate set of policies that reflect how your firm really operates, including how you use QuickBooks Desktop and who your hosting or IT partners are.<\/p>\n\n\n\n<p>This is also where system design pays off. It is far easier to prove that you are controlling access and monitoring activity when QuickBooks lives in a central, auditable environment instead of scattered across individual workstations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-5-staff-training-that-matches-real-tax-season-scenarios\"><span id=\"5-staff-training-that-matches-real-tax-season-scenarios\"><strong>5. Staff Training That Matches Real Tax Season Scenarios<\/strong><\/span><\/h3>\n\n\n\n<p>Generic security awareness training is not enough. Your staff need to practice exactly the situations you covered earlier in this article.<\/p>\n\n\n\n<p>Focus on short, recurring sessions rather than one annual lecture. 
For example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A 15-minute review in early January where you walk through an IRS impersonation call script and practice the correct response.<\/li>\n\n\n\n<li>A monthly <em>\u201cphishing roundup\u201d<\/em> where you show real scam emails the firm has received, explain what made them suspicious, and how they were handled.<\/li>\n\n\n\n<li>A simple rule that any suspected scam is forwarded to a specific inbox or contact, not handled solo.<\/li>\n<\/ul>\n\n\n\n<p>Tie training content directly to your internal rules:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>No one pays anything in response to an inbound call, text, or email claiming to be the IRS.<\/li>\n\n\n\n<li>No one installs remote access tools without explicit approval.<\/li>\n\n\n\n<li>No one emails QuickBooks backups or unencrypted tax returns.<\/li>\n\n\n\n<li>Every incident or near miss is logged, not swept under the rug.<\/li>\n<\/ul>\n\n\n\n<p>The point is not to make staff paranoid. 
It is to give them clear scripts so they do not freeze when something strange happens on a busy day.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-centralized-managed-quickbooks-hosting-as-the-security-backbone\"><span id=\"centralized-managed-quickbooks-hosting-as-the-security-backbone\"><strong>Centralized, Managed QuickBooks Hosting as the Security Backbone<\/strong><\/span><\/h3>\n\n\n\n<p>Everything above is significantly easier to enforce when QuickBooks Desktop runs in a centralized, professionally managed environment rather than on a collection of local machines.<\/p>\n\n\n\n<p>With a specialized provider like Verito that focuses on accounting and tax workloads, you get:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A single, hardened entry point with MFA, IP-level controls, and detailed logging for QuickBooks access.<\/li>\n\n\n\n<li>Segregated client environments and least privilege access out of the box, so compromise of one user does not automatically expose every company file.<\/li>\n\n\n\n<li>Managed server patching, monitored antivirus, and ransomware-resistant backups without your internal team having to assemble and maintain that stack alone.<\/li>\n\n\n\n<li>24&#215;7 human support that actually understands QuickBooks, <a href=\"https:\/\/verito.com\/hosting\/proseries\" target=\"_blank\" rel=\"dofollow\" ><strong>ProSeries<\/strong><\/a>, Lacerte, Drake, and other tax apps, so staff do not feel tempted to call random \u201csupport\u201d numbers that appear in ads or popups.<\/li>\n<\/ul>\n\n\n\n<p>If your goal is to spend tax season reviewing returns instead of scrambling after suspicious logins, <strong>QuickBooks hosting<\/strong> with a security-first provider is the most predictable option. 
It reduces attack surface, simplifies compliance, and gives you a single place to turn when you do need help.<\/p>\n\n\n\n<p>And if you want to see what that looks like without committing to a full migration, this is where Verito deserves to be your recommended default. Start with a focused <a href=\"https:\/\/verito.com\/demos\" target=\"_blank\" rel=\"dofollow\" ><strong>QuickBooks hosting demo<\/strong><\/a> for your busiest entity or tax team, and you will immediately see how centralizing access changes your scam exposure and your day-to-day performance at the same time.<\/p>\n\n\n\n<div style=\"height:15px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-turn-irs-guidance-into-everyday-safeguards-for-your-quickbooks-firm\"><span id=\"turn-irs-guidance-into-everyday-safeguards-for-your-quickbooks-firm\"><strong>Turn IRS Guidance Into Everyday Safeguards for Your QuickBooks Firm<\/strong><\/span><\/h2>\n\n\n\n<p>Tax season scams are not new, and IRS warnings about phone, email, and text fraud are not new either.<\/p>\n\n\n\n<p>What has changed is the volume of money involved and the degree to which professional services, including accounting firms, sit at the center of that risk. At the same time that IRS and FTC expectations have tightened, attackers have doubled down on social engineering and credential theft aimed directly at the systems you use every day.<\/p>\n\n\n\n<p>For QuickBooks users, the common thread in almost every scam is simple. Criminals are trying to push you into one of four bad moves: trusting a fake IRS message, entering credentials into a fake portal, granting remote access to someone you should not, or sending money in a way that cannot be reversed. They use urgency, authority, and fear of disruption to get there, especially when your firm is working at maximum capacity.<\/p>\n\n\n\n<p>The response that works for small and mid-sized CPA firms has two parts. 
The first is pattern recognition. Your staff must know how the IRS actually contacts taxpayers, what it never does, and what concrete scams look like in phone calls, emails, texts, ads, and fake support interactions. They also need to know exactly what to do if they click, open, share, or pay, without waiting to see whether anything <em>\u201cbreaks.\u201d<\/em><\/p>\n\n\n\n<p>The second is structural. Unique logins, least privilege, MFA, and hardened endpoints reduce how far an attacker can move. Secure client portals remove a lot of dangerous email attachments. A current WISP and aligned controls help you meet IRS and FTC expectations. Most importantly, centralizing QuickBooks Desktop in a professionally <a class=\"wpil_keyword_link\" href=\"http:\/\/verito.com\/veritspace\" target=\"_blank\"  rel=\"dofollow noopener\" title=\"managed hosting\" data-wpil-keyword-link=\"linked\"  data-wpil-monitor-id=\"1073\">managed hosting<\/a> environment gives you a single, monitored point of access with managed backups and 24&#215;7 support, instead of a patchwork of unmanaged desktops and remote tools.<\/p>\n\n\n\n<p>If your firm handles client tax data in QuickBooks Desktop, tax season is the worst time to find out your environment is fragile. 
If your goal is fewer emergencies, cleaner audit trails, and a calmer busy season, treating secure QuickBooks hosting with a provider like Verito as your recommended default is a practical next step.<\/p>\n\n\n\n<p>A short, focused hosting demo for your busiest team will show very quickly how centralizing access changes both your scam exposure and your day-to-day workload.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-tl-dr\"><span id=\"tldr\"><strong>tl;dr<\/strong><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tax season scams against QuickBooks users cluster around a few plays, mainly IRS impersonation, phishing, fake QuickBooks portals, fake support, and tax identity theft.<br><\/li>\n\n\n\n<li>The IRS almost always starts with a letter, does not demand payment by gift card or crypto, and does not send surprise texts asking for your SSN, bank data, or login credentials.<br><\/li>\n\n\n\n<li>Professional services firms, including accounting practices, are prime ransomware and fraud targets, so one mistake at your firm can expose many clients at once.<br><\/li>\n\n\n\n<li>If anyone clicks, opens, shares, or pays, you need clear checklists for containment, including password resets, device isolation, account monitoring, and appropriate reports to banks and the IRS.<br><\/li>\n\n\n\n<li>Shared QuickBooks logins, unmanaged personal devices, emailed backups, seasonal access sprawl, and messy remote access give attackers easy paths in.<br><\/li>\n\n\n\n<li>Practical defenses include unique logins, MFA, secure client portals, tested backups, basic endpoint hardening, and WISP-aligned policies that match IRS and FTC expectations.<br><\/li>\n\n\n\n<li>Short, scenario-based training that uses real scam examples works better than generic once-a-year awareness sessions.<br><\/li>\n\n\n\n<li>If your goal is predictable uptime, simpler compliance evidence, and fewer scam-induced 
emergencies, dedicated QuickBooks hosting for accounting firms is often the best default.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-faq\"><span id=\"faq\"><strong>FAQ:<\/strong><\/span><\/h2>\n\n\n<div class=\"saswp-faq-block-section\"><ol style=\"list-style-type:none\"><li style=\"list-style-type: none\"><h5 id=\"1-does-the-irs-ever-call-text-or-email-about-taxes\" class=\"saswp-faq-question-title \"><strong>1. Does the IRS ever call, text, or email about taxes?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">Yes, the IRS can call or email in some situations, but it almost always starts with a letter first. A mailed notice is the primary way the IRS initiates contact. Only after that will you typically see follow-up calls or emails about the same case. <br><br>The IRS states that it does not send unexpected texts to demand payment or request sensitive data, and text messages are used only when a taxpayer has explicitly opted in. If the first time you hear about a supposed problem is a call, text, or email, treat it as a scam until you have verified it through irs.gov or an official IRS phone number.<\/p><li style=\"list-style-type: none\"><h5 id=\"2-how-can-i-check-if-an-irs-notice-or-call-is-real\" class=\"saswp-faq-question-title \"><strong>2. How can I check if an IRS notice or call is real?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">You should verify an IRS notice in three steps. <br><br>First, confirm that you or your client received a physical letter with a notice or letter number that matches IRS formats, and that the contents are consistent with the returns you filed. <br><br>Second, use the IRS Online Account or transcript tools to see whether the balance due, refund, or issue described in the notice appears in official records. 
<br><br>Third, if you need to call, dial an IRS phone number you look up yourself on irs.gov, not the one printed in an email or read by a caller. If any of those steps fail, assume it is a scam and report it.<\/p><li style=\"list-style-type: none\"><h5 id=\"3-what-should-my-firm-do-if-a-clients-identity-was-used-to-file-a-fake-return\" class=\"saswp-faq-question-title \"><strong>3. What should my firm do if a client\u2019s identity was used to file a fake return?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">If an e-filed return is rejected because one has already been submitted under that SSN or ITIN, or if the client receives notices about a refund or income they do not recognize, you are likely dealing with tax identity theft. <br><br>Follow IRS identity theft procedures, which usually involve filing an Identity Theft Affidavit, responding to specific notices, and following IRS instructions for how and when to file a correct return. <br><br>Advise the client to monitor their IRS Online Account, credit reports, and bank accounts, and document whether any of the data used to file the fraudulent return might have come through your systems or email so you can evaluate your own security and reporting obligations.<\/p><li style=\"list-style-type: none\"><h5 id=\"4-what-is-the-safest-way-to-share-tax-documents-and-quickbooks-files-with-clients\" class=\"saswp-faq-question-title \"><strong>4. What is the safest way to share tax documents and QuickBooks files with clients?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">The safest option is a secure client portal that requires authentication, uses encryption, and can scan uploads for malware. <br><br>For QuickBooks Desktop files, clients should upload QBB or QBW files into that portal rather than emailing them as attachments. Your firm should avoid sending returns, W-2s, 1099s, or other documents with full SSNs by regular email, especially without encryption. 
A compromised mailbox then exposes both the documents and the context needed to run convincing phishing or payment change scams.<\/p><li style=\"list-style-type: none\"><h5 id=\"5-how-are-accounting-and-cpa-firms-targeted-differently-than-individual-taxpayers\" class=\"saswp-faq-question-title \"><strong>5. How are accounting and CPA firms targeted differently than individual taxpayers?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">Criminals see firms as leverage points because one successful scam can expose the data of hundreds of taxpayers. Cyber risk data for professional services confirms that this sector, which includes accounting and consulting firms, is among the top targets for ransomware and related attacks. <br><br>One recent analysis found that professional services and consulting were the second most targeted sector for ransomware in 2024 at 15.82 percent of observed attacks, just behind consumer and industrial companies. That is a direct signal that attackers treat firms as high value, particularly during tax season when the pressure to stay online is absolute.<\/p><li style=\"list-style-type: none\"><h5 id=\"6-what-quickbooks-settings-help-limit-the-impact-of-scams\" class=\"saswp-faq-question-title \"><strong>6. What QuickBooks settings help limit the impact of scams?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">Several baseline controls in and around QuickBooks make a real difference. Every user should have their own login with permissions aligned to their role, and only a small number of people should have admin rights. Where your hosting platform supports it, multi factor authentication should be mandatory. <br><br>Audit logs should be enabled and reviewed when there is any suspicion of unauthorized access, focusing on login attempts, bank account changes, vendor master changes, and user management. 
Combined with strong passwords and a ban on shared admin accounts, those settings reduce how far an attacker can move if they do capture one set of credentials.<\/p><li style=\"list-style-type: none\"><h5 id=\"7-how-often-should-we-train-staff-on-tax-season-scams-and-quickbooks-security\" class=\"saswp-faq-question-title \"><strong>7. How often should we train staff on tax season scams and QuickBooks security?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">Once a year is not enough. Industry breach data shows that the human element is involved in the majority of incidents. Verizon\u2019s 2024 Data Breach Investigations Report puts that figure around 68 percent when you include error, misuse, stolen credentials, and social engineering. <br><br>For a CPA firm, that argues for shorter, more frequent refreshers. Many practices run a focused kickoff session in January, then quick monthly touchpoints during filing season that review real phishing attempts, fake support calls, and how they were handled. The training should be tightly aligned with your internal rules on who can pay, who can install software, and how to handle any suspected scam.<\/p><li style=\"list-style-type: none\"><h5 id=\"8-should-we-report-every-scam-attempt-or-only-the-ones-that-succeed\" class=\"saswp-faq-question-title \"><strong>8. Should we report every scam attempt or only the ones that succeed?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">You should at least log every scam attempt that reaches your staff, even if nobody clicked or paid. Those logs build a picture of which channels are being abused, such as a pattern of fake QuickBooks invoices or repeated IRS impersonation calls, and they help you adjust training and technical controls. <br><br>For incidents where there was any interaction, such as a clicked link or shared information, you should consult IRS reporting guidance and state or federal consumer protection agencies where relevant. 
Law enforcement and regulators often rely on patterns of reports to track active campaigns, so even \u201cnear misses\u201d have value.<\/p><li style=\"list-style-type: none\"><h5 id=\"9-is-quickbooks-online-automatically-safer-than-quickbooks-desktop-for-tax-season\" class=\"saswp-faq-question-title \"><strong>9. Is QuickBooks Online automatically safer than QuickBooks Desktop for tax season?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">QuickBooks Online removes some risks, mainly around local file storage and patching, but it does not remove the core problems that make scams effective. Phishing, credential theft, fake login pages, and business email compromise all apply to any cloud service. Desktop has its own set of challenges when it runs on unpatched local servers or scattered workstations. <br><br>The meaningful difference comes from how you run whichever version you use. For Desktop, secure hosting that centralizes access, enforces MFA, and provides monitored backups gives you a more controlled security posture than a collection of unmanaged PCs. For Online, strong identity controls, device hygiene, and good email security remain critical.<\/p><li style=\"list-style-type: none\"><h5 id=\"10-when-should-a-small-firm-consider-dedicated-quickbooks-hosting-instead-of-local-desktops\" class=\"saswp-faq-question-title \"><strong>10. When should a small firm consider dedicated QuickBooks hosting instead of local desktops?<\/strong><\/h5><p class=\"saswp-faq-answer-text\">Pain is a useful indicator. If your firm regularly fights with slow remote connections, home PCs that are out of date, or staff resorting to questionable support numbers when QuickBooks breaks, you are already in the risk zone. <br><br>Hosting makes particular sense when you have multiple locations or remote staff, when you store significant tax data in QuickBooks, or when owners are worried about ransomware and recovery time but do not have internal IT capacity to design that environment. 
In those cases, if your goal is predictable performance, better scam resilience, and easier compliance, moving QuickBooks Desktop into a secure hosting platform that is built for accounting firms is usually the most predictable option.<\/p><\/ul><\/div>\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"Every busy season, your firm juggles client deadlines, QuickBooks files, e-filing cutoffs, and last minute document chases. That&hellip;\n","protected":false},"author":12,"featured_media":5701,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[517,648,240,645,646,39,647,650,649,436],"class_list":{"0":"post-5700","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-knowledge-base","8":"tag-cpa-cybersecurity","9":"tag-data-security-for-cpa-firms","10":"tag-ftc-safeguards-compliance","11":"tag-irs-tax-scams","12":"tag-phishing-protection-for-accountants","13":"tag-quickbooks-hosting","14":"tag-ransomware-readiness","15":"tag-remote-access-security","16":"tag-tax-identity-theft","17":"tag-wisp-for-accounting-firms"},"acf":[],"yoast_head_json":{"author":"Camren Majors","twitter_misc":{"Written by":"Camren Majors","Est. reading time":"36 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Person","@id":"https:\/\/verito.com\/blog\/#\/schema\/person\/865ad0905f2ef35c7587605a88ab6c1e","name":"Camren Majors","description":"Camren Majors is co-founder and Chief Revenue Officer of Verito Technologies, a cloud hosting and managed IT company built exclusively for tax and accounting firms. He is the co-author of Beyond Best Practices: Modernizing the Successful Accounting Firm (2026). His work has been featured in NATP TAXPRO Magazine and he has presented for NATP, NAEA, and NSA."}]}}}