McGowanPRO Professional Liability Blog

PHISHING? What is it and why you need to be concerned

Posted by Gary Sutherland on Fri, Nov 18, 2016 @ 11:48 AM

At NAPLIA, we strive to be proactive in addressing the changing risks affecting CPA firms.

When it comes to protecting your clients' data, social engineering is continually evolving as an important topic in risk management. Social engineering is a whole category of threats, encompassing the many ways “bad guys” try to trick employees into disclosing information.

Firms like yours are especially rich targets for social engineering due to the amount of sensitive financial and personal information with which they are entrusted.  Technology-based controls and prevention measures are being overwhelmed by new social engineering techniques and the sheer number of attacks.

The best preventative measure against social engineering attacks is education. At NAPLIA, our goal is to “provide more than a policy” with education and services that protect your practice.


NAPLIA offers a free phishing test for our clients which sends a harmless test email to each of your employees.  A report is then emailed to your firm’s insurance contact which summarizes how many people opened the email and how many people clicked the “malicious” link within it.  When an employee opens a link, they will receive a list of tips on how to avoid opening a phishing email in the future.

Some of the emails we have sent include:

  • A forged FedEx Shipping Notification (your company address to be shown in delivery address field)
  • A forged LinkedIn Invitation
  • A Dropbox notification about “tax return source information”

How many employees at your firm will open the next phishing email? Most studies say that 35% of all phishing emails are opened at least once.


Rob Ferrini | Program Manager | NAPLIA

Direct: 508.656.1327 | Toll Free: 866.262.7542, ext. 1327