Phishing Scams: How To Protect Your Small Business From Cyber Thieves
Business Technology | December 7, 2011
Phishing scams remain one of the most lucrative crimes for online cyber criminals. News reports of sensitive data from large corporations like Sony being compromised are increasing at a troubling rate. But contrary to popular belief, these phishing scams are just as hazardous for small business owners.
The Internet Crime Complaint Center, a collaboration between the FBI and the National White Collar Crime Center (NW3C), received over 300,000 complaints in 2010 from both individuals and small businesses that have been victims of online phishing scams and other Internet related crimes.
Let’s look at what phishing really is, so that you can gain a greater knowledge of why your small businesses may be targeted by a cyber criminal.
What is phishing?
Phishing is a serious problem, but the term can be a bit unclear. It is the act of illegally trying to acquire private information such as passwords, credit card account numbers, banking account information, usernames, or social security numbers. Phishing is accomplished by creating fake logos, email addresses, authentic looking official websites, and phone numbers. Victims are then under the illusion that it is official business and are compelled to give out their personal data, which in turn can be used to steal their identity. Small businesses often suffer from phishing, as the goal is to gain access to their customer’s private information such as credit card account numbers.
Examples of small business phishing scams
Countless numbers of small business owners have been sent emails by an entity using incredibly authentic IRS-looking letters stating that W-4 forms or other additional forms must be filled out and returned via fax. This frightened many owners into believing they would be audited or penalized by the IRS for not handling the issue immediately. Unfortunately, they were fake emails and these companies were fooled out of their personal information.
At the official website, IRS.gov, the IRS states that it will not initiate contact through email. So, never click on a link claiming to be from them!
Your company email can be a target
Company emails are easy access for thieves. They can target an particular person by sending him or her an email that looks genuine, however when they open it, it can release a virus or malware infecting the entire network. The thieves will then have access to employee’s private information and company data.
Phone phishing
There are also several “phone phishing scams” where phony messages from your bank, for example, ask you to call a phone number and enter your account information.
How to protect your business against phishing
The Anti-Phishing Work Group offers great advice on how to keep your small business from becoming a target of phishing. Here are several of their tips:
- Make sure your employees are aware of what phishing scams are, and are cautious when reading and responding to suspicious emails. Always err on the side of caution. Instead of clicking a link, open another browser window and go to the official website.
- Never give out company financial information such as bank routing numbers to an inquiry made via email. Your bank does not need you to confirm your account information…they already have that. An email like that even if it has your bank’s logo is a fake. Make it a habit to check your accounts regularly for suspicious charges and withdrawals.
- Make sure every computer used has up-to-date virus and malware protection. Schedule regular full system scans. Never download “anti-virus” software from an unknown entity. It’s better to stick with trusted brands.
The best way to protect oneself and colleagues from these scams is to be aware of the methods one can use to identify a scam and stay on top of the latest news on the issue.
Phishing scams remain one of the most lucrative crimes for online cyber criminals. News reports of sensitive data from large corporations like Sony being compromised are increasing at a troubling rate. But contrary to popular belief, these phishing scams are just as hazardous for small business owners.
The Internet Crime Complaint Center, a collaboration between the FBI and the National White Collar Crime Center (NW3C), received over 300,000 complaints in 2010 from both individuals and small businesses that have been victims of online phishing scams and other Internet related crimes.
Let’s look at what phishing really is, so that you can gain a greater knowledge of why your small businesses may be targeted by a cyber criminal.
What is phishing?
Phishing is a serious problem, but the term can be a bit unclear. It is the act of illegally trying to acquire private information such as passwords, credit card account numbers, banking account information, usernames, or social security numbers. Phishing is accomplished by creating fake logos, email addresses, authentic looking official websites, and phone numbers. Victims are then under the illusion that it is official business and are compelled to give out their personal data, which in turn can be used to steal their identity. Small businesses often suffer from phishing, as the goal is to gain access to their customer’s private information such as credit card account numbers.
Examples of small business phishing scams
Countless numbers of small business owners have been sent emails by an entity using incredibly authentic IRS-looking letters stating that W-4 forms or other additional forms must be filled out and returned via fax. This frightened many owners into believing they would be audited or penalized by the IRS for not handling the issue immediately. Unfortunately, they were fake emails and these companies were fooled out of their personal information.
At the official website, IRS.gov, the IRS states that it will not initiate contact through email. So, never click on a link claiming to be from them!
Your company email can be a target
Company emails are easy access for thieves. They can target an particular person by sending him or her an email that looks genuine, however when they open it, it can release a virus or malware infecting the entire network. The thieves will then have access to employee’s private information and company data.
Phone phishing
There are also several “phone phishing scams” where phony messages from your bank, for example, ask you to call a phone number and enter your account information.
How to protect your business against phishing
The Anti-Phishing Work Group offers great advice on how to keep your small business from becoming a target of phishing. Here are several of their tips:
- Make sure your employees are aware of what phishing scams are, and are cautious when reading and responding to suspicious emails. Always err on the side of caution. Instead of clicking a link, open another browser window and go to the official website.
- Never give out company financial information such as bank routing numbers to an inquiry made via email. Your bank does not need you to confirm your account information…they already have that. An email like that even if it has your bank’s logo is a fake. Make it a habit to check your accounts regularly for suspicious charges and withdrawals.
- Make sure every computer used has up-to-date virus and malware protection. Schedule regular full system scans. Never download “anti-virus” software from an unknown entity. It’s better to stick with trusted brands.
The best way to protect oneself and colleagues from these scams is to be aware of the methods one can use to identify a scam and stay on top of the latest news on the issue.