Internet Phishing Scams – Don’t Fall Prey

Phishing scams are at the top of cyber criminals’ moneymaking lists.  These scams can affect large corporations, small businesses or individuals. In 2010, over 300,000 complaints were filed to the Internet Crime Complaint Center, a partnership between the National White Collar Crime Center and the FBI, from small businesses and individuals victimized by online phishing scams and numerous other Internet related crimes.

Understanding what phishing is will help you protect your business from these cyber criminals.

What is phishing?

“Phishing” is the attempt to access private data, such as financial information, usernames, and passwords. This is accomplished by making false websites, graphics, email accounts, and phone numbers. The subject is manipulated, by one method or another, into revealing these types of data that may be used to steal their identity (social security numbers are a popular target). For small businesses phishing scams may attempt to obtain access to customer information or company financial information. 

Examples of small business phishing scams

Thousands of small business owners have received emails from the IRS informing them that they must fill out W-4 forms or other tax forms, and return them via fax.  These emails look incredibly real.  Right down to the official IRS government seal.  Unfortunately, many owners are worried that they are going to be audited by the IRS if they don’t take care of it immediately.

At the official website, IRS.gov, the IRS states that it will not contact companies through email first. Beware and use caution before clicking on a link claiming to be from them.

Your company email can be a target

Another way these thieves gain information is by targeting a specific individual within a business by sending him or her some kind of fake communication that looks completely legitimate but ends up delivering a virus or malware. This virus then infects the entire network, giving thieves access to private company data. 

Phone phishing

Beware that there are also “Phone phishing scams”, in which someone claiming to be from a bank, for instance, might ask you to call and verify your account. Banks will not call you for this information, they already have it.

How to protect your business against phishing

APWG.org is the Anti-Phishing Work Group, and their mission is to provide wonderful advice on how to guarantee your business does not fall victim to phishing. Listed here are some of their tips:

Make sure your employees are aware of what phishing scams are, and are cautious when reading and responding to suspicious emails.  Always err on the side of caution.  Instead of clicking a link, open another browser window and go to the official website.

Never give out company financial information such as bank routing numbers to an inquiry made via email or telephone.  Your bank does not need you to confirm account information…they already have that. An email like that, even if it has your bank’s logo, is a fake. To protect yourself and your information, make it a habit to check your accounts regularly for suspicious charges and withdrawals.

Make sure every computer in use has up-to-date virus and malware protection.  Schedule regular full system scans.  Never download “anti-virus” software from an unknown entity. It’s better to stick with trusted brands.

It is nearly impossible for law enforcement to stop phishing, so the best method of defense is the education of your employees for identifying, dealing with, and staying up to date with phishing scam trends.