Do Not Fall Prey to a Phishing Scam

Phishing scams are at the top of cyber criminals’ moneymaking lists. It’s upsetting that the important data of organizations such as Sony is under threat from phishing scams. But contrary to the widespread view, these scams affect small business owners as much as they affect big corporations.

The Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center (NW3C), received over 300,000 complaints in 2010 from both individuals and small businesses that have been victims of online phishing scams and other Internet-related crimes.

Understanding what phishing is will help you identify what makes your small business so appealing to cyber criminals.

What is phishing?

What does “phishing” mean? Phishing is an attempt to obtain private data, such as financial information, usernames, and passwords. Scammers do this by creating fake websites, graphics, email accounts, and phone numbers. The target is persuaded, by one method or another, to reveal data that may be used to steal their identity (Social Security numbers are a popular target). For small businesses, phishing scams may attempt to gain access to customer credit card information.

Examples of small business phishing scams

There are many varieties of small business phishing scams. For example, thousands of small businesses have received phony emails that look highly authentic, appear to come from the IRS, and even include the IRS logo. These emails tell recipients that they must fill out tax forms or W-4 forms and return them by fax. Many business owners trust that the message was sent by the IRS and fear that they will be audited if they do not do what the email says.

On its official website, IRS.gov, the IRS states that it will not contact companies through email first. Use caution before clicking on a link in a message claiming to be from the IRS.

Your company email can be a target

Another way these thieves gain information is by targeting a specific person within a business and sending him or her a phony communication that looks completely legitimate but ends up delivering a virus or other malware. The malware then infects the entire network, giving thieves access to private company data.

Phone phishing

There are also several “phone phishing scams,” in which phony messages that claim to be from your bank, for example, ask you to call a phone number and enter your account information.

How to protect your business against phishing

APWG.org is the website of the Anti-Phishing Working Group, whose objective is to provide advice on how to ensure your business does not fall victim to phishing. Here are some of their tips:

  • Make sure your employees are aware of what phishing scams are, and are cautious when reading and responding to suspicious emails.  Always err on the side of caution.  Instead of clicking a link, open another browser window and go to the official website.
  • Never give out company financial information, such as bank routing numbers, in response to an inquiry made via email. Your bank does not need you to confirm your account information; they already have it. An email like that is a fake, even if it has your bank’s logo. Make it a habit to check your accounts regularly for suspicious charges and withdrawals.
  • Make sure every computer used has up-to-date virus and malware protection.  Schedule regular full system scans.  Never download “anti-virus” software from an unknown entity. It’s better to stick with trusted brands.

The best way to protect yourself and your colleagues from these scams is to know how to identify a scam and to stay on top of the latest news on the issue.

 


Posted on: 12.07.11