
Business email compromise is no longer a scam you can spot by a typo in the sender’s name. AI-powered impersonation now produces emails indistinguishable from your managing partner’s writing style, your largest client’s CFO, or your firm’s bank contact. Los Angeles CPA firms are high-value targets because you manage wire transfers, tax payments, and real estate closings, and your clients extend implicit trust to every email that appears to come from you.
In 2024, business email compromise attacks caused $2.77 billion in financial loss across 21,442 incidents reported to the FBI’s Internet Crime Complaint Center. Most of that money is gone before anyone realizes the cybercrime has occurred.
Understanding how BEC attacks work, and how to build the technical and procedural controls that stop them, is now a core requirement for every Los Angeles accounting firm operating under IRS Publication 4557 and FTC Safeguards compliance obligations.
Tech Advisors was founded by CPAs and builds cybersecurity programs specifically for accounting firms facing these threats.
Key takeaways
- Multi-factor authentication is the single most effective barrier against the account takeovers that enable BEC attacks.
- Never approve a bank account change based solely on an email, even if the sender’s address looks legitimate.
- DMARC and SPF stop forged messages that use your exact domain, and advanced email filtering catches lookalike domains, before a human has to spot them in the inbox.
- Ongoing phishing simulations prepare your staff to recognize the false urgency tactics used in tax-season scams.
- BEC prevention is not just a security best practice. It is a documented requirement under IRS 4557 and your firm’s WISP.
The mechanics of the scam: why accounting firms are prime targets
The “follow the money” strategy
Attackers target CPA firms because your workflows involve high-dollar, time-sensitive financial transactions. Tax payments, payroll runs, real estate closings, and client wire transfers all move under deadline pressure. That pressure creates the opening. A spoofed email from a “client CFO” requesting a wire transfer change lands during a peak filing window, when your staff is processing dozens of similar requests and verifying each one individually feels like a bottleneck.
BEC scammers do not rely on luck. They map your firm’s workflows, monitor email communication patterns, and time their attacks to coincide with real transactions already in motion. Common payloads include fraudulent payment requests, fake invoices for legitimate-seeming vendors, gift card demands, and misdirected funds transfer instructions. These cyberattacks succeed because they arrive during the same windows as legitimate financial activity.
The anatomy of impersonation
Modern BEC attacks use lookalike domains such as yourfirm-cpa.com or yourfirmcpa.net. These addresses are designed to pass a quick visual scan by mimicking your actual domain.
Some hackers execute email account compromise directly, using malware or stolen login credentials to send fraudulent instructions from a legitimate email address. These spear phishing attacks specifically target partners and managing partners, using social engineering to pressure lower-level employees to bypass normal approval workflows and expose sensitive information.
Cybercriminals increasingly use artificial intelligence tools to clone the writing style, tone, and signature format of the person they are impersonating. That level of detail makes it much harder to detect suspicious requests, particularly when sensitive data is moving in real time. These AI cyber attack statistics show how rapidly AI-powered phishing has scaled across professional services targets.
The hybrid work vulnerability
Remote audit teams and distributed tax staff expand the entry points for credential theft. A staff member connecting from a home network, a shared co-working space, or a personal device without endpoint protection is a phishing email away from handing attackers valid credentials for your firm’s email system.
Once inside, BEC scammers typically set up email forwarding rules that silently redirect financial correspondence, enabling data theft and intelligence gathering over weeks before executing the fraud. Proactive risk management means closing those access points before cyber threats reach the inbox.
Layered defense: strategic BEC prevention for CPAs
Hardening the entry point
Multi-factor authentication (MFA) on every account is the single highest-leverage control against account takeover, which is the prerequisite for most BEC attacks. Deploying MFA across email, cloud services, tax software portals, and remote access tools closes the stolen-credentials pathway that enables most BEC scams. Zero-trust access policies extend that protection by requiring device health verification alongside identity validation, so a compromised password alone is not enough to access firm systems.
Technical shields: DMARC, SPF, and email filtering
DMARC (Domain-based Message Authentication, Reporting, and Conformance), combined with SPF and DKIM records, lets receiving mail servers reject messages that forge your domain in outbound attacks and, enforced on your own mail gateway, blocks inbound messages that fail authentication for the domain they claim to come from. Following Google’s enforcement of new sender requirements in 2024, Gmail reported a 65% reduction in unauthenticated messages delivered to inboxes.
Advanced email filtering adds a second layer: scanning message content, link destinations, and attachment behavior before messages reach any staff member. Phishing attacks that bypass DMARC through typosquatted domains are caught at the content layer.
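The difference between a DMARC/SPF deployment that merely monitors and one that actually blocks spoofing comes down to a few record tags. This added example (not code from Tech Advisors or from the original post) audits constructed DNS TXT records for a hypothetical firm domain, showing a weak configuration beside a hardened one:

```python
# Constructed sample DNS TXT records for a hypothetical firm domain (not a real domain).
WEAK = {
    "_dmarc.example-cpa.com": "v=DMARC1; p=none; pct=50",
    "example-cpa.com": "v=spf1 include:_spf.example.net ?all",
}
HARDENED = {
    "_dmarc.example-cpa.com": "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example-cpa.com",
    "example-cpa.com": "v=spf1 include:_spf.example.net -all",
}

def parse_dmarc(record):
    """Split 'v=DMARC1; p=reject; ...' into a tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(record):
    """Return findings that leave the domain spoofable; an empty list means enforcing."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "none")
    if policy != "reject":
        findings.append(f"p={policy}: forged mail is still delivered")
    if tags.get("sp", policy) != "reject":  # sp defaults to p when absent
        findings.append("subdomain policy is weaker than reject")
    if int(tags.get("pct", "100")) < 100:
        findings.append(f"pct={tags['pct']}: policy applied to only a sample of mail")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports showing who spoofs the domain")
    return findings

def audit_spf(record):
    """Flag SPF records whose catch-all lets unknown hosts send as the domain."""
    if not record.startswith("v=spf1"):
        return ["not an SPF record"]
    last = record.split()[-1]
    if last in ("+all", "all", "?all"):
        return [f"{last}: any host may send as this domain"]
    if last == "~all":
        return ["~all: unauthorized senders are only soft-failed"]
    if last != "-all":
        return ["no 'all' mechanism: unlisted senders default to neutral"]
    return []
```

Run both audits against your own published records during an annual WISP review; a result other than an empty list is a documented gap.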
Process-based controls
Technical defenses stop many attacks. Process controls stop the rest. Every request to change payment instructions, bank account numbers, or wire transfer routing must be verified through an out-of-band channel: a phone call to a phone number on file, not to any number included in the request. That email security procedure, applied consistently across your firm, eliminates the most common BEC execution path.
Employee training on this verification step is as important as any technical control. Our guide to phishing tactics and protecting your firm covers the full range of delivery methods used by BEC attackers.
Building a culture of skepticism
Annual security awareness training is not enough for accounting firms in a high-target sector.
The goal is to move beyond generic training. We implement simulations specific to CPA workflows, including fraudulent wire requests, impersonated bank notifications, and fake e-file confirmation links. These exercises build sharp reflexes before a real attack can cause reputational damage.
See our article on why vigilance is the key to preventing cyberattacks for the case that behavioral training outlasts any single technical control.
The Tech Advisors advantage: cybersecurity built for accountants
Specialized compliance knowledge
Tech Advisors was founded by CPAs, and that foundation shapes every security recommendation. BEC prevention for an accounting firm is not just a cybersecurity project. It is a compliance deliverable. IRS Publication 4557 requires tax preparers to maintain documented security controls. The FTC Safeguards Rule mandates a written information security plan covering access controls, monitoring, and incident response. Your WISP needs to address the specific threat vectors, including BEC, that your firm faces.
Tech Advisors builds security programs that satisfy those requirements, not generic IT checklists adapted from non-accounting environments.
Proactive 24/7 monitoring
New email auto-forwarding rules, logins from unusual locations, and off-hours access to financial systems are behavioral signals that often indicate an active BEC intrusion. Tech Advisors’ 24/7 monitoring detects those anomalies in real time and escalates them before a fraudulent wire transfer completes. During tax season, when your firm is most active and most targeted, that monitoring posture is not optional.
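The three signals named above can be checked mechanically against mailbox and sign-in audit logs. This added example (not Tech Advisors’ monitoring code) runs those checks over constructed events in a simplified, assumed schema and escalates any user who trips more than one signal; the firm domain, users, and systems are invented:

```python
from datetime import datetime

# Constructed sample audit events in a simplified, assumed schema; this is not a
# vendor's log format, and the users and domains are invented.
EVENTS = [
    {"ts": "2025-03-12T09:14:00", "user": "jlee", "action": "login", "country": "US"},
    {"ts": "2025-03-12T09:20:00", "user": "jlee", "action": "new_inbox_rule",
     "forward_to": "jlee.archive@mail-relay.example"},
    {"ts": "2025-03-12T23:41:00", "user": "mchen", "action": "login", "country": "NG"},
    {"ts": "2025-03-13T02:05:00", "user": "mchen", "action": "access", "system": "wire-portal"},
    {"ts": "2025-03-13T10:30:00", "user": "rpatel", "action": "access", "system": "wire-portal"},
    {"ts": "2025-03-13T10:45:00", "user": "rpatel", "action": "new_inbox_rule",
     "forward_to": "rpatel@example-cpa.com"},
]

FIRM_DOMAIN = "example-cpa.com"        # assumed firm domain
EXPECTED_COUNTRIES = {"US"}            # where staff normally sign in from
FINANCIAL_SYSTEMS = {"wire-portal", "payroll", "tax-payments"}
BUSINESS_HOURS = range(7, 19)          # 07:00 to 18:59 firm local time

def detect_bec_signals(events):
    """Return (user, signal, detail) tuples for the three BEC indicators."""
    alerts = []
    for e in events:
        hour = datetime.fromisoformat(e["ts"]).hour
        user, action = e["user"], e["action"]
        if action == "new_inbox_rule":
            target = e.get("forward_to", "")
            # Internal forwards are routine; a forward to another domain is the classic
            # post-compromise step that siphons financial correspondence out of the firm.
            if target and not target.lower().endswith("@" + FIRM_DOMAIN):
                alerts.append((user, "external auto-forward rule", target))
        elif action == "login" and e.get("country") not in EXPECTED_COUNTRIES:
            alerts.append((user, "login from unexpected country", e.get("country")))
        elif action == "access" and e.get("system") in FINANCIAL_SYSTEMS \
                and hour not in BUSINESS_HOURS:
            alerts.append((user, "off-hours financial system access", e["system"]))
    return alerts

def users_to_escalate(alerts, min_signals=2):
    """Users with two or more distinct signals are escalated ahead of the rest."""
    signals = {}
    for user, signal, _ in alerts:
        signals.setdefault(user, set()).add(signal)
    return sorted(u for u, s in signals.items() if len(s) >= min_signals)
```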
CPA-industry continuity
When a BEC incident occurs, response speed determines financial outcome. The FBI IC3 Recovery Asset Team reported a 66% success rate in freezing fraudulent BEC transfers in 2024, but only when law enforcement and your financial institution are notified quickly.
Tech Advisors provides incident response support to notify the appropriate parties, preserve digital evidence, and initiate recovery procedures within the time window when recovery is still possible.
Final thoughts: Protecting the trust bridge
Your clients wire funds and share financial information because they trust you. A business email compromise attack does not just cost your firm money. It destroys the trust your firm has built through years of client service.
The technical controls exist. The compliance requirements are clear. What most Los Angeles accounting firms lack is a partner who understands both simultaneously.
Schedule your BEC security assessment with Tech Advisors and close the gaps before they become losses.
FAQs
What is the most common red flag of a business email compromise attack on an accounting firm?
The most common red flag in a business email compromise attack is urgent payment instructions sent by email. Attackers often request a wire transfer or a change to bank details and push staff to act quickly before verification. Los Angeles accounting firms should require phone verification using a known number before approving any payment change.
Is email encryption enough to stop business email compromise for CPA firms?
No, email encryption alone does not stop business email compromise attacks. BEC scams rely on spoofed or compromised accounts, not intercepted messages. Accounting firms must combine MFA, DMARC email authentication, advanced filtering, and out-of-band payment verification to block these attacks.
How can Los Angeles accounting firms prevent business email compromise attacks?
Los Angeles accounting firms prevent business email compromise by combining technical controls and verification procedures. MFA blocks account takeover, DMARC prevents domain spoofing, and phishing simulations train staff to recognize fraudulent payment requests. A CPA-focused cybersecurity program ensures these controls meet the requirements of IRS Publication 4557 and the FTC Safeguards Rule.