DMARC for Accountants: Stop Email Impersonation Before Tax Season
Tax season is open season for email impersonation of accountants. Here is how DMARC stops criminals emailing your clients in your name.
Accountancy practices handle exactly what fraudsters want: client money, sensitive financial data, and a busy calendar. Around tax deadlines, a spoofed email from your firm asking a client to pay or share details is dangerously easy to fall for.
What this short video covers
- Why accountants see more impersonation attempts around self assessment and year end
- How spoofed email uses your real domain to fool clients
- What DMARC, SPF and DKIM each do in plain English
- Why having had no problem yet is not the same as being protected
- How monitoring shows you who is sending mail in your name
When a client receives an email that appears to come from their accountant, they tend to act on it, especially under deadline pressure. Criminals know this and forge your domain to request payments or capture login details. If your domain is not protected, those forged messages are delivered as if they were really from you.
DMARC lets you tell the world which servers are allowed to send on your behalf, and instruct receivers to reject the rest. Setting it up is straightforward, but it has to reach an enforcing policy and stay there. Continuous monitoring is what keeps it working as you add tools like practice management software, payroll and email marketing.
Start your free health checkSubscribe for £39 per domain, per month