I received an email that appears to be from Drake Software, but I was not expecting it. What should I do?
Phishing is a fraudulent tactic where scammers attempt
to steal sensitive information, such as usernames, passwords, bank, and
credit and debit card information, often through deceptive emails.
Tax return preparers and their clients are prime
targets for phishing attacks. Scammers may send emails disguised as
legitimate invoices to trick clients into making payments. It is crucial
to be vigilant and educate clients about these scams.
You should never click on an email or any links in an
email that you are not expecting. Always verify the source and
legitimacy of an email before opening it or clicking on any links.
Phishing schemes may appear to be sent from a Drake Software email
address or non-Drake address and typically ask that the recipient reply
with personal details or click on links.
IMPORTANT: Drake Software will
never request that you provide personal information through email.
Delete the email immediately and do not click any links or reply.
Example Scam*
Fraudsters can create fake invoice emails
that appear to come from reputable tax return preparers. If unsuspecting
clients fall for the deception, they risk sending sensitive personal
information and money directly to the scammer.
*Although no such scam has been reported, it is essential to be aware of this potential threat.
Common Phishing Signs
Some common signs indicating that an email is not legitimate are as follows:
- The blue hyperlink displays a non-Drake website when you hover over it. (Do NOT click it!)
- The email contains grammar and spelling errors.
- The email is from a fake email address that is only slightly altered from a legitimate email address.
- The email demands immediate action or threatens consequences for not taking action.
NOTE: For additional ways to protect yourself, see KB 18584. Drake Software also recommends sharing the document Phishing Guidance for Taxpayers, included at the bottom of this article, with your clients to help keep both them and your practice safe.
Drake Pay Users - What Legitimate Payment Requests Look Like
If requesting payment for your
services through Drake Pay, you should let your client know when you are
planning to send the invoice so that they can expect an email from you. For more information on sending payment requests, see KB 18583.
Legitimate Drake Pay Emails
- Come from no-reply@DrakeSoftware.com
- Address the recipient by name (not “Dear Client”)
- Contain the name of the tax return preparer or tax firm
- Contain a payment link that begins with https://drakepay.drakesoftware.com/manager/#/pay-now/. The text following “pay-now” is unique for each payment request.
Legitimate Drake Pay Webpages
- Begin with https://drakepay.drakesoftware.com/manager/#/pay-now/. The text following “pay-now” is unique for each payment request.
- Contain the Drake Pay icon in the top-left
- Display the taxpayer’s name in the top-right. If
no name was entered when sending the request, the client’s email address
is displayed instead.
- Show the firm’s name above the Amount
- Display the Drake Pay logo in the bottom-left
Actions to Take
If you or your client receive a suspicious email, do
not click on any links in the email, and immediately contact Drake
Software at (866) 369-9308 to report the phishing email. If you suspect
you may have fallen victim to a phishing scheme, or if you clicked on
any links in the phishing email, contact Drake Software at (866)
369-9308 to secure your account.
For details on how to properly forward a suspected phishing email to Drake Software for investigation, see KB 15382.
On a scale of 1-5, please rate the helpfulness of this article
Optionally provide private feedback to help us improve this article...
Thank you for your feedback!