Remember when scam emails were easy to spot? The Nigerian prince with questionable grammar? Those days are rapidly becoming quaint, nostalgic memories. Today’s digital threats are wearing sophisticated masks, powered by the same AI tools revolutionizing legitimate business. But here’s the good news: understanding these evolving threats is your first line of defense.

The AI Revolution Cuts Both Ways

While we’re leveraging AI to streamline processes and increase work life balance, bad actors are using similar tools to craft increasingly convincing schemes. The technology that helps us serve our clients better is, unfortunately, also making scammers more dangerous.

But knowledge is power, and that’s exactly what we’re sharing today.

The New Threats on Your Digital Doorstep

1. The California FTB Text Scam: A Real-Time Warning

Right now, Californians are being bombarded with fake text messages claiming to be from the Franchise Tax Board about tax refunds. An example would be: “Your tax refund has been processed, click here to provide bank details.” It’s 100% fake. The FTB never texts about refunds—period. These scams use fake domains (ending in .cc or .net instead of .ca.gov) or spoof legit phone numbers and create false urgency with threats about “losing your refund forever.”

Your defense strategy:

  • Delete any unexpected FTB refund texts immediately
  • Never click links—the real FTB only uses .ca.gov domains
  • Call the FTB directly at 800-852-5711 to verify any refund questions
  • Forward scam texts to 7726 (SPAM) to report them

Quick tip: Save the FTB’s real number in your phone now, before you need it.

2. Deepfake Voice Cloning: When “Trust Your Ears” No Longer Applies

The threat is real: Scammers can now clone voices with just a few seconds of audio—perhaps from a voicemail greeting or social media video. Imagine receiving a frantic call from your “CFO” requesting an urgent wire transfer, complete with their distinctive speech patterns and familiar phrases.

Your defense strategy:

  • Establish a verbal “safe word” for financial requests within your organization
  • Always verify urgent requests through a second communication channel (Teams, text, email, etc.)
  • Question unexpected urgency—legitimate emergencies rarely bypass normal protocols
  • Consider implementing callback procedures using known phone numbers

Quick question to consider: Does your team have a verification protocol for unexpected financial requests? If not, it might be worth considering.

3. AI-Powered Phishing: The End of Obvious Red Flags

Gone are the typos and awkward phrasing. Today’s AI-generated phishing emails can mimic your vendors’ writing style, reference real projects, include logos and even respond convincingly to your questions. They’re analyzing LinkedIn profiles, company websites, and public data to craft targeted attacks that feel genuinely personal.

Your defense strategy:

  • Hover over links before clicking (check those URLs carefully!)
  • Verify sender email addresses character by character
  • Be suspicious of unexpected attachments, even from “known” contacts
  • Enable multi-factor authentication on all critical accounts
  • Utilize an enterprise grade spam filter
  • When in doubt, pick up the phone and verify directly

4. Business Email Compromise 2.0: The Long Game

Modern scammers aren’t always after quick wins. They’re using AI to analyze communication patterns, learning when invoices are typically sent, who approves them, and what they usually look like. Then they strike with perfectly timed, expertly crafted requests that slip through the cracks.

Your defense strategy:

  • Implement approval workflows for all financial transactions
  • Regularly audit and update vendor contact information
  • Create separate verification channels for payment changes
  • Train your team to spot subtle anomalies in routine requests

The Intersection of Tax Season and Cyber Threats

As your CPA firm, we need to talk about a particularly nasty trend: tax-season targeted attacks. Scammers know when you’re expecting communications from us, the IRS, or state agencies. They’re timing their attacks accordingly.

Red flags during tax season:

  • Unexpected “refund” notifications requiring immediate action
  • Requests for tax information via email and sent through an unsecure portal
  • Fake IRS communications demanding payment in gift cards or cryptocurrency
  • Phishing emails disguised as document-sharing requests from your CPA

Here’s our commitment: Linkenheimer LLP will always requests information through secure, established channels. If something seems off, trust your instincts and give us a call.

Practical Steps You Can Implement Today

For Business Owners:

  1. Conduct a “Fire Drill” – Test your team with a simulated phishing attempt (we can recommend reputable services)
  2. Review Wire Transfer Protocols – Require dual approval for transfers above certain thresholds
  3. Invest in Security Training – Your people are your best defense when properly equipped
  4. Create an Incident Response Plan – Know what to do before something happens

For Individuals:

  1. Freeze Your Credit – It’s free and one of the most effective identity theft preventions
  2. Use a Password Manager – Unique, complex passwords for every account (yes, every single one)
  3. Enable Account Alerts – Get notified of any unusual activity immediately
  4. Regular Security Checkups – Review account permissions and connected apps quarterly

The Silver Lining: Technology as Your Shield

While AI amplifies threats, it’s also revolutionizing defense. Modern security tools use machine learning to detect anomalies humans might miss.

Consider exploring:

  • AI-powered email filtering services
  • Behavioral analytics for unusual account activity
  • Automated backup solutions that protect against ransomware
  • Zero-trust network architectures for remote work

Looking Forward: Your Questions Shape Our Solutions

As we navigate this evolving landscape together, we’re curious about your experiences and concerns:

  • What security challenges keep you up at night?
  • Have you encountered any suspicious attempts recently?
  • What tools or training would help your team feel more confident?
  • How can we better support your efforts alongside your financial needs?

The Bottom Line

The threat landscape is evolving, but so are the tools and strategies to combat it. The key isn’t paranoia—it’s informed vigilance. By understanding how modern scams operate and implementing practical defenses, you’re already ahead of the game.

Remember, security isn’t a destination; it’s an ongoing journey. And like your financial health, it benefits from regular checkups and professional guidance.