Outline Emails purporting to be from the American Institute of CPAs (AICPA) claims that the recipient's Certified Public Accountant license may be revoked due to accusations of tax fraud.
Brief Analysis
The emails are not from the AICPA. In fact, they are attempts by Internet criminals to trick recipients into installing malware.
Scroll down to submit comments
Last updated: 22nd February 2012
First published: 22nd February 2012
Article written by Brett M. Christensen About Brett Christensen and Hoax-Slayer
Examples
Subject: Income tax return fraud accusations
Revocation of CPA license due to tax return fraud accusations
Dear accountant officer,
We have been informed of your alleged assistance in income tax infringement on behalf of one of your employees. According to AICPA Bylaw Paragraph 730 your Certified Public Accountant license can be withdrawn in case of the aiding of filing of a misguided or fraudulent tax return for your client or employer.
Please familiarize yourself with the complaint below and provide your feedback to it within 14 days. The failure to do so within this period will result in suspension of your Accountant license.
Complaint.pdf
Subject: Termination of your CPA license
Cancellation of Public Account Status due to income tax fraud accusations
Valued AICPA member,
We have received a notice of your alleged participation in income tax infringement for one of your employers. According to AICPA Bylaw Paragraph 700 your Certified Public Accountant license can be revoked in case of the act of submitting of a misguided or fraudulent income tax return for your client or employer.
Please be notified below and provide your feedback to it within 7 days. The failure to respond within this term will result in suspension of your Accountant status.
Complaint.doc
Detailed Analysis
These emails, which purport to be from the American Institute of CPAs (AICPA) and arrive complete with seemingly official AICPA logos, warn recipients that their Certified Public Accountant license may be revoked due to accusations of tax fraud. The messages claim that recipients may have submitted a "misguided or fraudulent income tax return" for a client or employer. Recipients are advised to follow a link to a complaint document and provide feedback before a specified deadline to avoid license suspension.
However, the emails are certainly not from AICPA and the claims of tax fraud are simply the bait designed to trick recipients into clicking the bogus "complaint" link. Those who do follow the link will be taken to a compromised website that attempts to use an exploit to download malware. Subject lines and other details in the malware emails vary, but the "complaint" link in all of them leads to websites that harbour malware. The scammers have used HTML to disguise the link so that - at first glance - it appears to point to a harmless .doc Word document when in fact it points to a website.
The scammers rely on the fact that at least a few of the people who receive the scam messages will be CPAs and, of those few, some will be panicked enough to follow the link without due care and attention. And, even a few people who are not CPAs may click the link out of curiosity or because they believe that an error has been made that needs to be rectified.
The AICPA has issued an alert about the malware attack on its website, which notes:
On Thursday February 16, 2012, the AICPA became aware of a fraudulent email phishing scam using an AICPA banner and referencing the recipient’s possible involvement in an unlawful income tax refund activity that was sent to numerous individuals, CPAs, non-CPAs and members of the general public.
Messages may appear to come from senders such as the AICPA, Southwest Airlines, American Airlines or other well known sources including the Better Business Bureau.
This email is not from the AICPA nor from the AICPA database.
As malware campaigns go, this is a fairly sophisticated attempt. Don't be fooled! If you receive one of these emails, do not follow any links or open any attachments that it may contain.
