Phishing on a Digital Binary Warning Abstract

The Phishy Accountant: Something Doesn’t Add Up

We’ve recently come across a phish aimed at people working in / related to accounting firms, sent from a compromised accountant’s email address leading to a fake Google Docs page.

The email reads as follows:

Fake Accountant Spam

Subject Important - For your review

Hello, I've shared some files with you on Google Drive.

Please, click on the E-Document to download the file.

Best regards

The bogus link would take potential victims to


Fake login page

The site reads as follows:

To view shared files and folders

You are required to sign in with your email address to access shared files and folders

The fake login page casts a wide net, offering up login fields for Gmail, Yahoo Mail, Hotmail, AOL and “other”.

You’ll notice the “CPA” in the URL – this would be related to Certified Public Accountants. Given the potentially sensitive data accountants have access to on a daily basis, angling for their logins could result in a nice little haul for the scammers.

Anybody dealing with finance tends to be a hot target for fake mails containing Ransomware files, but it’s worth remembering the more straightforward scams are still out there ready to strike.

As always, some basic security precautions pay dividends here – note the lack of HTTPs on the above screenshot, which is (almost always) a sign that the site is a phish. You should always be highly suspicious of any email you didn’t request directing you to a login page –  that (plus the missing green padlock) certainly hits high on the “Back away slowly” meter.

It’s enough to make you want to fill in your own tax returns…

Christopher Boyd


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.