Fraud is costing financial firms millions—is your practice protected?
November 20, 2025
Have you ever stopped to think about how much fraud could be costing your practice and your clients?
It’s tempting to assume that fraud is mostly an issue for huge financial institutions, the ones with thousands of employees and dedicated IT teams. But that’s a dangerous assumption. The reality is that fraud is a growing threat to accounting firms and financial professionals of every size. In fact, small and mid-sized practices can be more exposed because they often lack the layers of security, formal processes, or training that larger firms have in place.
One of the most common and costly types of fraud is identity fraud. That’s when someone impersonates a trusted contact, like a client, vendor, or even one of your team members, to steal money, gain access to data, or hijack financial systems. It could be an email that looks like it’s from a client requesting an urgent wire transfer, or a cybercriminal using stolen credentials to access your tax prep software, client portals, or accounting tools. Most scams begin with a simple stolen username and password. It’s a tactic that’s been around forever and still works.
With AI-driven tools becoming more and more accessible, these scams are more convincing than ever. Fraudsters can mimic emails, voices, and even videos that look and sound just like the real thing.
Around 69% of businesses report seeing a rise in fraud attempts. Financial firms, with all the sensitive data and money they manage, are an obvious target.
Here’s the good news: you can take practical steps to protect your practice. Firms that implement stronger identity protections, like biometric logins, device recognition, and AI-powered fraud detection, report fewer breaches, less risk, and significant savings. And you don’t have to overhaul your systems overnight. Even small improvements can make a big difference.
Start by looking at your login and payment processes. Are passwords randomly generated and never reused across accounts? Do you use multi-factor authentication, for example, entering a one-time passcode sent to a phone, for critical accounts? Have you trained your team to recognize suspicious emails and phishing scams?
The goal isn’t to add unnecessary hassle. It’s to build smart, client-friendly security that protects your firm and the people you serve, without slowing you down.
This article was submitted by Kellen Cowan of Newave Solutions.