The IRS warned: tax season phishing spikes 300%+ for accounting and CPA firms. W-2 BEC fraud, IRS impersonation scams, and client tax data as ransomware target. Direct Calendly booking — no redirect. Live expert sessions from $150.
Wolters Kluwer/CCH breach, regional ransomware events, BEC payroll diversion, tax season phishing campaigns — documented patterns with real dollar losses.
Wolters Kluwer/CCH disruption, AI-generated tax season phishing, regional ransomware at mid-size firms, BEC payroll diversion attacks ($340K payroll fraud at a Pacific Northwest firm), and W-2 BEC targeting 47 clients. Each pattern with real losses and what training prevents it.
Read the full incident report →Not generic IT security content. Scenarios drawn from the actual breach patterns that hit accounting and CPA firms during tax season and year-round — W-2 fraud, IRS impersonation, client data ransomware.
IRS impersonation emails spike 300%+ in Q1. Attackers spoof IRS.gov sender addresses, use language from actual tax forms, and create urgency around filing deadlines to bypass scrutiny. This drill covers the full threat surface your staff faces during the busiest — and most dangerous — months of the year.
W-2 Business Email Compromise targets HR and payroll staff during Q1 with forged executive emails requesting employee W-2 data. The data is used for fraudulent tax returns or sold on dark web markets. This drill covers the exact pattern — and the phone verification protocol that stops it.
Your firm holds the financial DNA of every client you serve — SSNs, EINs, bank accounts, M&A data, P&L statements. One ransomware event can expose hundreds of client records at once. This drill covers the controls that matter most for client data protection in an accounting context.
IRS Publication 4557 (2022) recommends annual cybersecurity training for tax professionals. The FTC Safeguards Rule (2023 amendments, 16 CFR Part 314) mandates security awareness training as a written program requirement — not optional. GLBA's Safeguards Rule (2021 updated requirements) covers firms providing financial services. A documented training record satisfies all three and is increasingly required for cyber insurance renewals and IRS ERO compliance reviews.
Book Training — Compliance Aligned →All three tiers include tax season phishing scenario content, W-2 BEC drills, and FTC Safeguards Rule / IRS Pub 4557 alignment documentation. Pick the tier that fits your firm.
Free Download
5 attack patterns, DMARC enforcement guide, out-of-band verification protocol, and 3 tabletop scenarios. Built for accounting firms handling client funds, vendor payments, and payroll.
Free Download
50-question vendor security questionnaire, risk-tiering matrix (Tier 1/2/3), scoring rubric (0–100), 14 contractual must-haves, and regulatory crosswalk for GLBA §314.4(f) and SOC 2 CC9.2. Know the security posture of every cloud vendor and sub-processor before they touch client data.
Tax season phishing spikes 300%+ for accounting firms. IRS impersonation, W-2 BEC fraud, and client data ransomware all peak January–April. Train your team before the busiest — and most targeted — months of the year.
Direct Calendly booking — no /book intermediary. Sessions typically available within 48 hours.