Zero-Click Attacks: The Breach You'll Never See Coming

There's a version of a cyberattack most accounting firm owners understand. Someone clicks a bad link. A fake invoice gets processed. A phishing email fools a tired staff member at 4pm on a Friday.


That version has a villain. It has a mistake. It has someone to blame.


Zero-click attacks don't work that way. Nobody clicks anything. Nobody does anything wrong. The breach just happens silently, automatically, while your team is heads-down in tax season doing exactly what you're paying them to do.


That's what makes them worth understanding. Not because you need to become a cybersecurity engineer. But because if you're running an accounting firm and you've told yourself "we just need to train people to be more careful," you need to know that training has a ceiling.




What Is a Zero-Click Attack?

A zero-click attack is an exploit that requires zero interaction from your staff to succeed.


No link. No attachment. No social engineering.


The attacker targets a vulnerability inside an application you already trust—your email client, your messaging platform, your AI productivity tool. The malicious payload arrives. The software processes it automatically. The attacker gets in.


You find out months later. Or you don't find out at all.


This isn't theoretical. Two high-profile examples from 2025 should be on every accounting firm owner's radar.


The Microsoft Copilot Problem Nobody Talked About

Earlier this year, security researchers disclosed a vulnerability called EchoLeak (CVE-2025-32711) inside Microsoft 365 Copilot—the AI assistant that's now baked into Outlook, Teams, SharePoint, and the rest of the Microsoft productivity stack that most accounting firms run on.


Here's how the researchers showed it working: an attacker sends a specially formatted email containing hidden instructions. Nobody has to open it. The next time a user asks Copilot an ordinary question, Copilot pulls that email into its working context as background, follows the hidden instructions, gathers sensitive data it can reach across Teams, SharePoint, and OneDrive, and embeds it in a link pointing at a server the attacker controls. No user clicked anything. No warning appeared. Copilot, operating exactly as designed, became the vector.


Think about what lives in your Microsoft environment. Client tax returns. Financial statements. Engagement letters. Banking credentials stored in shared drives. Partnership agreements.


Now think about an AI assistant with access to all of it being quietly turned against you—not because you did anything wrong, but because you updated to the latest "productivity" tools before the security architecture caught up.

Microsoft fixed this inside the cloud service; because Copilot is hosted, there was nothing for customers to install. But EchoLeak is not a one-time anomaly. It's a preview of the threat category: any assistant that reads untrusted content (email, shared documents, chat) and also holds access to sensitive data can be steered by the content it reads.


Why Accounting Firms Are Specifically Exposed

Let's be direct about your risk profile.


Accounting firms sit at the intersection of three things attackers love: sensitive financial data, trusted client relationships, and historically under-resourced security programs. You're not a bank with a SOC team. You're a 12-person firm running on QuickBooks, Microsoft 365, and optimism.


You've probably adopted AI tools in the last 18 months because they genuinely save time. Copilot. ChatGPT. Document automation. That's smart business. But every AI tool you plug into your environment gets access to your data, and every one of them has a trust boundary that attackers are actively probing: the line between the content the tool reads and the instructions it obeys.


The FTC Safeguards Rule doesn't care that you didn't know about zero-click vulnerabilities.


It requires you to have a Written Information Security Program, an identified security coordinator, and documented risk assessments. "We were using the default Microsoft settings" is not a compliance defense.


The Attack Surface You're Ignoring

Zero-click attacks target exactly the platforms accounting firms use every day:

  • Email clients: Outlook has needed fixes for several zero-click bugs in recent years, some triggered simply by a message arriving in the mailbox. It's also the center of your firm's operations.

  • Messaging platforms: Teams, Slack, iMessage. If your staff uses it to discuss client matters, attackers are interested in it.

  • AI productivity tools: Copilot, Gemini, any AI assistant with access to your documents. These tools have extensive reach by design. Copilot, for example, answers with the same permissions as the person asking, so it can surface any file that person can already open, including files that were over-shared years ago and forgotten. That's the feature. It's also the vulnerability.

  • Mobile devices: If your partners check client email on iPhones, you have a BYOD exposure you've probably never formally assessed.


A separate 2025 vulnerability showed spyware being silently installed on iPhones via iMessage. No tap required. No notification. The device was compromised and began transmitting emails, messages, and location data without a single visible indicator.


Your managing partner's phone has client communications on it. Think about that.


What You Can Actually Do About It

You don't need a $500,000 security stack. You need a minimum viable defense that closes the gaps most likely to be exploited.


Patch everything, on a schedule. Most zero-click attacks exploit known vulnerabilities, and the window between a fix shipping and attackers working out how to use the bug is short. The iMessage spyware cases in this category were closed by iOS updates, which only help the devices that actually install them. (EchoLeak was different: Microsoft fixed it inside the cloud service, so there was nothing for firms to install. That is the one part of the stack you can't patch yourself, which is why the remaining steps matter.) Patch management isn't glamorous. It is effective. Make it someone's documented responsibility or it won't happen consistently.


Audit what your AI tools can access. If Microsoft Copilot is enabled in your tenant, do you know what data it can reach? Who can query it? Because Copilot inherits the permissions of the user asking, the real question is what each licensed user can already open: SharePoint sites shared with "Everyone" or the whole organization, old client folders that were never restricted, OneDrive files shared by link. List who holds a Copilot license, then review the sharing settings on the sites that hold client data. If the answer is "I'm not sure," that's the answer that needs to change this week - not this quarter.


Restrict permissions aggressively. Your receptionist doesn't need access to all client files. Your junior associate doesn't need admin rights. Zero-click attacks are dangerous, but they're significantly more damaging when they land in an account with broad access. Least-privilege access controls limit blast radius.


Enable behavioral monitoring. Endpoint tools (EDR, endpoint detection and response) watch your laptops and servers; an attack like EchoLeak runs inside Microsoft's cloud and never touches an endpoint, so the only evidence is in your tenant's audit logs. Make sure Microsoft 365 audit logging is turned on and retained, and that someone (or some tooling) flags anomalous behavior in it: data moving at unusual volumes, AI queries touching files outside a user's normal pattern, links to external domains from unexpected places. This is now table stakes, not advanced security.
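The kind of checks this step and the "Audit what your AI tools can access" step describe, as an added Python example (not code from the article, and not Microsoft's). It runs over constructed audit records in a simplified, assumed layout: the user names, sites, domains and counts are made up, and a real pipeline would feed it exported Microsoft 365 unified audit log events mapped onto the same fields.

```python
"""Behavioral checks over audit records from an AI assistant / file platform.

Added example, not code from the article or from Microsoft. The Event layout
is a constructed, simplified stand-in for exported Microsoft 365 audit events;
all users, sites, URLs and counts below are made up.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev
from urllib.parse import urlparse

# Hosts the firm owns or expects assistant answers to reference (assumed).
TRUSTED_DOMAINS = {"example-cpa.sharepoint.com", "teams.microsoft.com"}


@dataclass(frozen=True)
class Event:
    user: str
    ts: datetime
    op: str             # e.g. "FileAccessed" or "CopilotInteraction"
    resources: tuple    # paths the tool touched for this event
    links: tuple = ()   # URLs that appeared in the assistant's answer


def site_of(path: str) -> str:
    """Reduce 'sites/Tax2024/Clients/x.pdf' to its site, 'sites/Tax2024'."""
    parts = path.split("/")
    return "/".join(parts[:2]) if len(parts) >= 2 else path


def baseline(events, cutoff):
    """Per-user daily file counts and set of sites seen before `cutoff`."""
    counts = defaultdict(lambda: defaultdict(int))   # user -> day -> files
    sites = defaultdict(set)                         # user -> sites touched
    for e in events:
        if e.ts >= cutoff:
            continue
        counts[e.user][e.ts.date()] += len(e.resources)
        sites[e.user].update(site_of(r) for r in e.resources)
    return counts, sites


def detect(events, cutoff, trusted=TRUSTED_DOMAINS):
    """Return (rule, user, day, details) alerts for events on/after `cutoff`.

    'new_site'      - a site this user never touched during the baseline
    'external_link' - an assistant answer referencing a non-trusted host
    'volume'        - daily file count far above the user's own history
    """
    counts, sites = baseline(events, cutoff)
    alerts, daily = [], defaultdict(int)
    for e in events:
        if e.ts < cutoff:
            continue
        daily[(e.user, e.ts.date())] += len(e.resources)
        new = {site_of(r) for r in e.resources} - sites[e.user]
        if new:
            alerts.append(("new_site", e.user, e.ts.date(), sorted(new)))
        for url in e.links:
            host = (urlparse(url).hostname or "").lower()
            if host not in trusted:
                alerts.append(("external_link", e.user, e.ts.date(), [host]))
    for (user, day), n in daily.items():
        hist = list(counts[user].values())
        if not hist:
            # No history for this account: surface it instead of guessing.
            alerts.append(("volume", user, day, [n, None]))
            continue
        # 3 sigma above the mean, but never below 2x the mean, so a perfectly
        # regular history (sigma = 0) is not flagged for one extra file.
        threshold = max(mean(hist) + 3 * pstdev(hist), 2 * mean(hist))
        if n > threshold:
            alerts.append(("volume", user, day, [n, round(threshold, 1)]))
    return alerts


# --- constructed sample data (made up for this example) ---------------------
def _day(n: int) -> datetime:
    return datetime(2025, 3, 1) + timedelta(days=n)


def _files(site: str, n: int, tag: str) -> tuple:
    return tuple(f"{site}/{tag}/doc{i}.pdf" for i in range(n))


EVENTS = (
    # Five quiet baseline days for two staff members.
    [Event("alice", _day(d), "FileAccessed", _files("sites/Tax2024", 4, f"a{d}"))
     for d in range(5)]
    + [Event("alice", _day(d), "CopilotInteraction", _files("sites/Audit", 2, f"c{d}"),
             ("https://example-cpa.sharepoint.com/sites/Audit/summary",))
       for d in range(5)]
    + [Event("bob", _day(d), "FileAccessed", _files("sites/Tax2024", 3, f"b{d}"))
       for d in range(5)]
    # Review day: one Copilot session pulls 40 files, reaches a site alice
    # never used, and its answer carries a link to an outside host.
    + [Event("alice", _day(7), "CopilotInteraction",
             _files("sites/Tax2024", 30, "rev") + _files("sites/Partners", 10, "rev"),
             ("https://collector.attacker-example.net/c?d=ZXhmaWw",)),
       Event("bob", _day(7), "FileAccessed", _files("sites/Tax2024", 3, "b7"))]
)
CUTOFF = _day(6)

if __name__ == "__main__":
    for alert in detect(EVENTS, CUTOFF):
        print(alert)
```

Run as-is it prints three alerts for the review day, all for alice: a site she never touched before, a link to an outside host in an assistant answer, and 40 files against a history of 6 a day. Tune the 2x-mean floor to the firm's real day-to-day variance, and note that an account with no history is reported for manual review rather than silently passed.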


Run a documented risk assessment. The FTC Safeguards Rule requires it. But beyond compliance, a risk assessment forces you to look at your actual environment - what tools you're running, what data they touch, and where your exposure is. Most firms haven't done this since they filled out a form three years ago and filed it away.


The Harder Conversation

Here's what zero-click attacks actually reveal about the state of firm security.

Most accounting firms have built their defenses around the human mistake model. Train staff not to click bad links. Put up spam filters. Use MFA. That's not wrong - it's necessary.


But it's incomplete.


Attackers know that model. They've priced it in. Zero-click attacks are attractive in part because human-layer defenses have improved. The next generation of exploits bypasses the human entirely and goes straight for the software.


Your WISP says your staff receives annual security awareness training. That's good. Does it say anything about how your firm manages AI tool permissions, patches Microsoft 365 vulnerabilities, or audits third-party application access? If not, it's documenting yesterday's threat landscape.


The Takeaway

Zero-click attacks are not a reason to panic. They are a reason to stop treating cybersecurity as a staff behavior problem and start treating it as an infrastructure governance problem.


The firms that get hurt aren't always the ones that made obvious mistakes. Sometimes they're the firms that did the obvious things well, and nothing else.


Patch your systems. Audit your AI tools. Tighten your permissions. Document your program.


Do it this week. Not because a breach is certain, but because the cost of preparation is a rounding error compared to the cost of response.


Your clients are trusting you with the most sensitive financial data in their lives. That trust has a price tag. Make sure you've paid it.
