Phishing scams are at the top of cyber criminals’ moneymaking lists. It’s disconcerting that the important data of organizations such as Sony are under threat from phishing scams. But unlike the widespread notion, these scams affect small enterprise owners as much as they affect the big corporations.
Over 300,000 complaints were filed in 2010 to the Internet Crime Complaint Center, a partnership between the National White Collar Crime Center and the FBI. These complaints were from small businesses and individuals wronged by online phishing scams and a variety of other Internet related crimes.
Understanding what phishing is will help you identify what makes your small business so appealing to cyber criminals.
What is phishing?
What does “phishing” mean? Phishing is the attempt to access private data, such as financial information, usernames, and passwords. This is accomplished by making false websites, graphics, email accounts, and phone numbers. The subject is persuaded, by one method or another, to reveal these types of data that may be used to steal their identity (social security numbers are a popular target). For small businesses, phishing scams may attempt to get access to customer credit card information.
Examples of small business phishing scams
Thousands of small business owners have been sent emails by an organization using incredibly realistic IRS-looking letters stating that W-4 forms or other additional forms must be filled out and returned via fax. This frightened many owners into believing they would be audited or penalized by the IRS for not handling the issue immediately. Unfortunately, they were fake emails and these companies were tricked out of their private information.
The IRS states on it’s website at IRS.gov, that it will not initiate any contact by email and that you should never click any links on an email sent to you asking you to send anything to the IRS.
Your company email can be a target
Thieves can gain access to a business by targeting a particular individual by sending them deceitful emails that conveys a professionally sincere image. Most of the time these emails will contain a computer virus or malware. It has the ability to infect a company’s entire network, which allows thieves to gain access to confidential data.
Beware that there are also “Phone phishing scams”, in which someone claiming to be from a bank, for instance, might ask you to call and verify your account.
How to protect your business against phishing
Visiting the Anti-Phishing Work Group will give you sound advice to safeguard your business against phishing scams and gives you valuable information on how to avoid becoming a victim. Some of their advice follows, such as:
- Make sure your employees are aware of what phishing scams are, and are cautious when reading and responding to suspicious emails. Always err on the side of caution. Instead of clicking a link, open another browser window and go to the official website.
- Never give out company financial information such as bank routing numbers to an inquiry made via email. Your bank does not need you to confirm your account information…they already have that. An email like that even if it has your bank’s logo is a fake. Make it a habit to check your accounts regularly for suspicious charges and withdrawals.
- Make sure every computer used has up-to-date virus and malware protection. Schedule regular full system scans. Never download “anti-virus” software from an unknown entity. It’s better to stick with trusted brands.
The best way to protect oneself and colleagues from these scams is to be aware of the methods one can use to identify a scam and stay on top of the latest news on the issue. Contact us today to find out how we can offer your company top data protection strategies.