We’ve heard numerous horror stories over the years of business owners falling victim to sophisticated phishing scams that compromise their operations, cost them thousands of dollars, and expose their customers to risk. Hackers are evolving rapidly, making it harder to distinguish between malicious threats and everyday emails.

Our goal here is to empower, not scare you. The good news? Many of these threats are avoidable with vigilance. Hackers are even craftier than before, and phishing schemes have adapted to exploit newer technologies. However, with a few best practices, you and your team can keep your data safe from current phishing trends.

Below, we outline some common phishing threats and offer ways to safeguard against them.

Common Threat 1: Impersonation of Accounting or Financial Software

Phishers continue to target users of popular accounting software, impersonating platforms like QuickBooks with claims such as “Your file is corrupted,” “Your payment method is expiring,” or “Your software needs an urgent upgrade.” The goal is to either convince you to pay for a fake service or grant them access to your system.

How to dodge the threat: Always verify the sender’s email address. Emails from Intuit or QuickBooks® will end with “@intuit.com” or “@quickbooks.com.” If you receive a suspicious email, permanently delete it. Do not provide sensitive information or remote access to anyone unless they are a trusted, verified partner.

Common Threat 2: The Rise of AI-Assisted Phishing

Hackers are now leveraging AI tools to generate phishing emails that mimic legitimate communications. These emails may come from familiar addresses or look nearly identical to a colleague’s typical correspondence, including personalized details that make the email seem even more credible.

How to dodge the threat: Never click on links or download attachments from unexpected emails, even if they appear to come from trusted contacts. Always hover over links to preview the URL and verify its legitimacy. AI tools are being used both by hackers and cybersecurity experts, so staying ahead of phishing trends is more important than ever.

Common Threat 3: “You Have Voicemail,” “Urgent Invoice,” and “Thanks for Your Purchase” Emails

While voicemail and invoice phishing schemes aren’t new, hackers are increasingly using these tactics to create a sense of urgency. You might receive an unexpected email about a voicemail or invoice, often from a service you don’t use. In addition, we’ve seen emails alerting you to free prizes – you’ve won a free trip – with a link to click to claim your prize.

Lastly in this category, there is a new strategy in which phishers send “confirmation” emails suggesting that you’ve made a subscription purchase, going so far as to include a PDF of a phony receipt.

How to dodge the threat: If something feels off, it probably is. Never download an attachment or follow a link without verifying the source through another channel. Call the service provider directly to check whether they sent the email, and always be wary of “business” emails that end in @gmail.com, @yahoo.com, etc.

Common Threat 4: The QR Code Swap

QR codes have become a ubiquitous tool, especially in restaurants and retail. However, phishers now use QR codes to disguise malicious URLs. They may overlay fake QR codes in public spaces or send phishing emails with QR codes that link to compromised websites or malware.

How to dodge the threat: Before scanning a QR code, double-check its placement and ensure it hasn’t been tampered with. After scanning, review the web address that appears and make sure it’s legitimate before clicking. If something feels suspicious, don’t scan the code.

Common Threat 5: Social Engineering on Social Media

Phishing attacks are increasingly moving to social platforms like LinkedIn and Facebook. Hackers may pose as recruiters, customers, or industry professionals to extract personal information or trick you into downloading malicious files.

How to dodge the threat: Be wary of unsolicited messages from strangers on social media, especially those requesting personal details or sharing links. Always verify the identity of anyone asking for sensitive information and avoid clicking on unknown links shared via direct messages.

Best Practices: Staying Secure in the Age of Evolving Phishing Tactics

While phishing techniques continue to evolve, the core defenses remain the same: vigilance, awareness, and caution. Here are some key best practices to follow:

  • Set up multi-factor authentication (MFA): Use MFA wherever possible. This could involve receiving a code via text, email, or through an authenticator app like Google Authenticator. MFA adds an extra barrier for hackers, making it far less likely they’ll succeed even if they gain access to your credentials.
  • Use strong, unique passwords: Password management apps like LastPass or 1Password can generate complex passwords and securely store them. Avoid reusing passwords across different accounts.
  • Stay informed on new phishing tactics: Cybercriminals are constantly adapting. Subscribe to trusted cybersecurity news outlets like PCMag, Forbes, or TechCrunch to stay updated on the latest phishing techniques.
  • Train your team: Cybersecurity isn’t just an IT responsibility—it’s an organization-wide effort. Conduct regular phishing simulations and training sessions to ensure that your employees recognize suspicious activity and respond appropriately.
  • Don’t open doors for strangers: Whether in person or online, never allow someone to access your computer or accounts unless you have verified their identity through an established and trusted channel. If in doubt, don’t engage.
  • Verify email senders: Always check email addresses carefully. A small typo or strange domain could indicate a phishing attempt. Cross-check with trusted sources if something feels off.
  • Use secure file-sharing methods: When sending or receiving sensitive information, avoid doing so via email. Use encrypted file-sharing services like SmartVault or similar tools.
  • Trust your instincts: If something feels off, don’t proceed. Whether it’s a weirdly worded email or a strange request, your gut is often a good first line of defense against phishing attempts.
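
For teams that want to automate the sender check described under Common Threat 1 and in the “Verify email senders” bullet, here is an added Python example (not part of the original article or any Intuit tooling). The function name, the category labels, the digit-substitution heuristic, and the sample addresses are assumptions made for illustration.

```python
from email.utils import parseaddr

# Domains the article names as legitimate Intuit/QuickBooks senders.
TRUSTED_DOMAINS = {"intuit.com", "quickbooks.com"}
# Free webmail domains the article flags for "business" email (extend as needed).
FREE_MAIL = {"gmail.com", "yahoo.com"}
BRANDS = ("intuit", "quickbooks")
# Heuristic (assumption): undo common digit-for-letter swaps, e.g. quickb00ks.
DIGIT_SWAPS = str.maketrans("0135", "oies")


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike', 'free-mail' or 'unknown' for a From header."""
    display, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return "unknown"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    # Non-ASCII or punycode domains can hide look-alike letters: never trust them.
    if not domain.isascii() or "xn--" in domain:
        return "lookalike"
    # Exact match or a real subdomain; a plain substring test would be fooled
    # by names such as quickbooks.com.account-verify.example.
    if any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Brand name in the display name or domain while the real domain is not trusted.
    text = (display + " " + domain).lower().translate(DIGIT_SWAPS)
    if any(brand in text for brand in BRANDS):
        return "lookalike"
    if domain in FREE_MAIL:
        return "free-mail"
    return "unknown"


# Constructed sample headers for illustration only.
SAMPLES = [
    "Intuit <no-reply@notification.intuit.com>",
    '"QuickBooks Support" <billing@quickbooks.com.account-verify.example>',
    "service@quickb00ks.com",
    "Acme Invoices <accounts@gmail.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

A “trusted” result only means the address is spelled correctly; the From header itself can be forged, so treat it as one signal alongside your mail provider’s SPF, DKIM, and DMARC checks.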

It’s more important than ever to remain cautious and aware of evolving cybersecurity threats. Phishing is becoming more sophisticated, but by staying alert and following these best practices, you can protect your business and personal data from harm.

If you’re unsure about an email or solicitation, especially related to your accounting software, reach out to us. We’re always here to help!

Our “Comprehensive COVID-19 Sick Pay and Paid Leave” YouTube tutorial has helped thousands of people since it was released last year, teaching QuickBooks Desktop users how to set up COVID-19 Sick Pay, FMLA, and Health Premiums under the Families First Coronavirus Response Act (FFCRA).

Recently, the tutorial received some updates. Below, you’ll find helpful screen grabs and instructions with the most up-to-date information about the processes explained in this video. The times mentioned below are all hyperlinked to the video and will route you directly to the timestamp being mentioned for ease of access. For additional helpful information, make sure to view the comments section of the video.

The video can be viewed in its entirety here: https://www.youtube.com/watch?v=D8zIiPk3eNI&t=2s

1. At 6:03, we discuss creating a COVID-19 employee sick pay item. The video shows that the social security company tax is checked, which is no longer correct. To revert back to the correct tax settings, select the “default” button. The screenshot below demonstrates the correct tax settings:

 

2. At 7:17, we discuss creating a family sick pay item. To revert to the correct tax settings, select the “default” button. The correct settings are reflected in the screenshot below:

3. At 8:30, we discuss creating a child care pay item. To revert to the correct tax settings, select the “default” button. The correct settings are reflected in the screenshot below:

4. At 11:48, we discuss setting up a national paid leave credit. A second company contribution for the COVID-19 Medicare credit should have been created; Intuit later released information on this, and while the comments in the video contain this update, we wanted to ensure this information was easily accessible. The seven consecutive screenshots present the correct steps to take.

5. At 15:28, we discuss health premiums. These need to be apportioned to the COVID sick time pay.

6. At 17:51, we discuss payroll liabilities. The video shows that the Medicare employee additional tax is checked; however, it should not be. Instead, the following items should be checked off:

  • the federal withholding
  • the Medicare company
  • the Medicare employee withholding
  • the social security company (this should be zero for COVID pay)
  • social security employee withholding

We hope this clears up any questions about the COVID-19 sick pay and paid leave process. Make sure to view the comments for additional helpful information, and subscribe to our channel to be notified about future videos!

Video Tutorial: Part 2 of Paying Employees under the Families First Coronavirus Response Act.

An addition to our previous video, “How To Track COVID19 Paid Leave in QuickBooks Desktop”. We make a quick adjustment to the last account set up. Part 2 of Paying Employees under the Families First Coronavirus Response Act.

With Rhonda Rosand, CPA of New Business Directions

For more information on what you need to know about the Families First Coronavirus Response Act: https://quickbooks.intuit.com/learn-support/en-us/help-articles/ffcra/00/517349

April 3, 2020

Both the CARES Act and the Families First Act include a variety of relief measures for small businesses, individuals and certain nonprofit organizations.  There are tax benefits, tax credits, direct payments, loan programs, grant programs, expanded unemployment benefits and other resources meant to incentivize businesses and nonprofits and encourage employee retention.

We’re sorting this out as fast as possible and we’ll do everything we can to keep you up to date.  This is a moving target – forms and links change as new information becomes available.

You can also check https://home.treasury.gov/cares for the latest information as updates are happening on a daily basis.

Payroll processing companies are working hard to figure out all of the mechanics of the Families First Act and how to report what employers pay for sick time to their employees that would qualify for the payroll tax credits.  We’ll keep you updated as we learn more.

Below is a partial list of resources for you to review and consider:

 

Economic Injury Disaster Advance Loan

In response to the Coronavirus (COVID-19) pandemic, small business owners in all U.S. states, Washington D.C., and territories are eligible to apply for an Economic Injury Disaster Loan advance of up to $10,000.

This advance will provide economic relief to businesses that are currently experiencing a temporary loss of revenue. Funds will be made available within three days of a successful application. This loan advance will not have to be repaid.

Apply for the Loan Advance: https://covid19relief.sba.gov/#/

Read the US Chamber Guide: https://www.uschamber.com/report/guide-sbas-economic-injury-disaster-loans

Small Business Emergency Loan Guide – Updated

The U.S. Chamber’s Coronavirus Small Business Emergency Loan Guide, first issued last week, outlines the steps small businesses need to take to access much-needed Payroll Protection Program (PPP) funds.

The guide now includes important information including key dates as the government moves toward implementation. Recently, the Treasury Department issued more details on this paycheck protection program and a loan application available for download.

Starting April 3, small businesses and sole proprietorships can apply for loans.

Starting April 10, independent contractors and self-employed individuals can apply for loans.

There is a funding cap, so the Treasury Department recommends applying as soon as possible.

Be sure to send data using secure methods – these forms include personal and confidential information.

Read the US Chamber Guide: https://uschamber.com/sbloans

Download the Application: https://www.sba.gov/document/sba-form--paycheck-protection-program-borrower-application-form

Employee Retention Tax Credit Guide

The CARES Act created a new employee retention tax credit for employers who are closed, partially closed, or experiencing significant revenue losses as a result of the coronavirus.  Employers who receive a Paycheck Protection Program (PPP) loan are not eligible for this tax credit.

Read the US Chamber Guide: https://uschamber.com/ertc

Families First Coronavirus Response Act: Employer Paid Leave Requirements

The Families First Coronavirus Response Act (FFCRA or Act) requires certain employers to provide their employees with paid sick leave or expanded family and medical leave for specified reasons related to COVID-19.[1] The Department of Labor’s (Department) Wage and Hour Division (WHD) administers and enforces the new law’s paid leave requirements. These provisions will apply from the effective date through December 31, 2020.

https://www.dol.gov/agencies/whd/pandemic/ffcra-employer-paid-leave

Stay Safe – Stay Healthy,

Rhonda Rosand, CPA

See Rhonda’s tutorial on how and why to track COVID-19 expenses in QuickBooks:

Wishing you the Happiest of Holidays

and all the Best in the New Year!

 

From all of us at New Business Directions

 

Rhonda, Wayne, Suzy, Kendra, Britney, Trudi, Kristen, and Freckles
