And just who, you may be asking, is Jackie Marie Peters? Put simply, Jackie Marie is your firm's biggest nightmare.
No, she's not a client who never delivers her documents on time, or never pays her bill. Nor is she a staff member refusing to work 80 hours a week in tax season, or an overworked IRS employee who keeps you on hold and then can't answer your question. She's not even a member of Congress.
No, Jackie Marie is a real, actual nightmare. She's a fraudster who was recently sentenced to 18 months in prison for her role in a scheme that involved hacking into the network of an accounting firm in Arizona and modifying the in-progress tax documents of more than 40 clients to inflate their refunds, and then arranging for those refunds (and some COVID relief payments) to be paid into bank accounts that she established and controlled — all without the knowledge of the taxpayers or the firm. She got away with more than $2.5 million.
You may tell yourself that your firm is too small for this, but this was a local CPA practice, not some Big Four firm.
You may tell yourself that you'd notice this kind of activity right away, but Jackie Marie and her confederates were inside the target firm's network for two years — from 2020 to 2022.
You may tell yourself that this kind of thing doesn't happen that often, but it does — and it's going to happen more, as the capabilities of fraudsters expand through artificial intelligence, massive increases in computer power, and our ever-growing reliance on technology.
The obvious answer is never to use technology at all, but since that horse is out of the barn, start by keeping these three facts in mind:
- Everyone is vulnerable. Jackie Marie doesn't care how big you are; in fact, she and her ilk may target smaller firms more often, on the theory that they're less focused on security. Remember — she only needed 40 clients. You have 40 tax prep clients, right?
- Security is primarily a people problem. By far the most common vector for an attack is less-than-vigilant staffers — those who click on phishing emails, or share passwords or private information, or otherwise give cybercriminals the one chance they need to get inside.
- Strong security starts at the top. It may be a people problem, but people won't pay attention to it unless the leaders of the firm do. When staff see partners calling out unsafe behavior, complying with safety measures, and otherwise prioritizing good IT hygiene, they'll start to focus on it, too.
It's time to bolster your cybersecurity. After all, while you may be safe from Jackie Marie for the next 18 months, there are literally thousands of people just like her out there right now.
