Firm Management | March 25, 2026

AI Social Media Scams Are Coming for Your Accounting Firm: Why DNS Filtering Belongs in Your Security Stack

Artificial intelligence has made it much easier—and cheaper—for criminals to impersonate firms, manufacture “urgent” requests, and trick staff into clicking malicious links.

By Scott Carr.

For accounting firms, where every inbox and browser tab can touch client financials, a single mistake can lead to wire fraud, data theft, or a shutdown in the middle of busy season. DNS filtering gives firms a practical way to reduce this risk by blocking access to known bad destinations before a page ever loads.

How AI Has Changed Social Media Risk for Accountants

Modern phishing and fraud campaigns increasingly start on social and professional platforms where accountants and clients spend time—LinkedIn, Facebook, X, even messaging apps. AI tools now allow attackers to:

  • Generate highly tailored messages that reference real client names, industries, and deadlines.
  • Spin up fake profiles and ads that copy your logo, partner photos, and marketing language.
  • Direct staff and clients to look‑alike sites that harvest credentials or push malware.

These scams do not always look like the old “Nigerian prince” emails. They often resemble messages from real clients, referral partners, or regulators, complete with proper grammar and industry jargon. When a senior staff member is trying to clear notifications between client calls, the chance of a bad click goes up.

Why Accounting Firms Are Attractive Targets

Accounting and advisory firms sit at the center of sensitive financial data and high‑value workflows. Typical targets include:

  • Tax return data, payroll records, and banking details for individuals and businesses.
  • Stored IDs and supporting documents used for KYC, onboarding, and compliance.
  • Email histories that can be used to power more convincing business email compromise (BEC) attacks.

In addition, firms often work under intense time pressure around deadlines. Attackers know that “please review this updated wire detail” or “urgent payroll correction” is more likely to be acted on quickly during peak periods. When those messages originate from social media connections or look like legitimate ads or posts, the risk is multiplied.

What DNS Filtering Is—and Why It Helps

Domain Name System (DNS) filtering adds a layer of control between users and the websites they attempt to visit. Instead of letting every URL resolve normally, the firm’s DNS filtering service evaluates each request against threat intelligence and firm policies. If a destination is known to be malicious or suspicious, the request is blocked and the user sees a warning page instead of the attack site.

For accounting firms, DNS filtering can:

  • Block access to phishing and fake login pages for tax platforms, banks, and firm portals, even if the link is clicked from social media.
  • Reduce ransomware risk by stopping connections to malicious download sites and command‑and‑control servers.
  • Enforce acceptable‑use policies across firm networks and remote workers without requiring complicated device‑by‑device setups.

The goal is not to replace other controls like email filtering or endpoint protection, but to give the firm one more margin of safety when AI-generated scams slip through.
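
The evaluation step described above, as an added example (not code from the article or from any DNS filtering product): a simplified decision function that checks a queried name against a threat-intelligence blocklist and flags look-alikes of the firm's own domain. The feed entries, the firm domain `smithcpa.example`, and the edit-distance threshold of 2 are constructed assumptions.

```python
# Added example: simplified DNS-filter decision logic. Every domain below is constructed.
THREAT_INTEL = {"malware-downloads.test", "c2-server.test"}  # stand-in for a threat feed
FIRM_DOMAINS = {"smithcpa.example"}  # hypothetical firm domain to guard against look-alikes


def normalize(qname):
    """Lower-case the queried name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def parent_domains(name):
    """The name plus each parent, so matching respects label boundaries."""
    labels = name.split(".")
    return {".".join(labels[i:]) for i in range(len(labels))}


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def decide(qname):
    """Return (action, reason) for one DNS query name."""
    name = normalize(qname)
    if parent_domains(name) & THREAT_INTEL:
        return ("block", "threat-intel")
    # Assumption: the last two labels approximate the registrable domain;
    # a production filter would consult the Public Suffix List instead.
    registrable = ".".join(name.split(".")[-2:])
    for firm in FIRM_DOMAINS:
        if registrable == firm:
            continue  # the firm's own domain and its subdomains
        near_miss = edit_distance(registrable, firm) <= 2  # e.g. one swapped character
        embedded = (firm + ".") in name  # firm name used as a subdomain prefix
        if near_miss or embedded:
            return ("block", "look-alike")
    return ("allow", "default")


if __name__ == "__main__":
    for q in ["CDN.Malware-Downloads.test.", "notmalware-downloads.test",
              "login.sm1thcpa.example", "smithcpa.example.login-verify.test",
              "portal.smithcpa.example"]:
        print(q, decide(q))
```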

Practical Steps for Firm Owners and IT Leaders

Owners and managing partners do not need to become security engineers, but they do need a clear roadmap. A practical, phased approach might look like this:

  1. Map social media exposure
    • Identify which staff use LinkedIn, Facebook, and other platforms for business development, recruiting, and client communication.
    • Determine which devices they use for this activity (firm‑issued laptops, mobile phones, home PCs).
  2. Implement DNS filtering across the environment
    • Deploy DNS filtering on the office network, guest Wi‑Fi, and VPN connections so traffic from firm devices is covered.
    • Extend protection to remote workers and partners through secure agents or protected DNS resolvers.
  3. Integrate DNS filtering with existing controls
    • Connect DNS filtering logs to existing monitoring or incident response processes so alerts lead to review, not just a block screen.
    • Align DNS policies with your firm’s data retention, compliance, and acceptable‑use requirements.
  4. Update training and procedures
    • Incorporate AI‑driven social media scams into regular security awareness training, with examples specific to tax and audit workflows.
    • Formalize verification steps for payment changes, wire transfers, and unusual client requests—no approvals based solely on social messages or ad links.
  5. Review and tune regularly
    • During busy seasons, tighten rules around access to categories known to host malware and scams.
    • After each season, review DNS logs to understand patterns and adjust controls without disrupting productivity.

Anticipating Client Questions

Clients are increasingly aware of AI scams but may not understand how they affect their accounting firm. Proactively addressing common concerns helps build trust:

  • “I saw a message on social media offering a special ‘tax refund review’ from your firm—is it real?”
    Firms should encourage clients to verify any offer by going directly to the firm website or calling their known contact, rather than clicking through social media links.
  • “If I send you documents after seeing something on social media, is my data safe?”
    The firm can explain that client data is only handled through approved channels—such as secure portals or encrypted email—and that controls like DNS filtering help block rogue sites trying to mimic those systems.
  • “What are you doing to stay ahead of AI scams?”
    This is an opportunity to highlight a layered approach: secure portals, strong authentication, user training, DNS filtering, and ongoing monitoring designed to protect client financial information.

Scott Carr, owner of Farmhouse Networking in Grants Pass, Oregon, is a veteran Network & Computer Systems Architect with over 30 years of IT experience. For over a decade, he’s led his team in delivering proactive, secure, and fully managed IT services to more than 80 businesses—including accounting and finance firms that rely on data security, compliance, and efficiency. Scott’s hands-on, jargon-free approach ensures every client understands their technology and gains confidence in their systems. His firm is known for fast, responsive support—most issues are resolved within 15 minutes—and deep expertise in cybersecurity, network design, and IT compliance. Learn more about how Farmhouse Networking supports the accounting industry at https://www.farmhousenetworking.com/finance-it-support/.
