One of the top cyber crimes, and the most lucrative, are phishing scams. Large corporations such as Sony have been compromised and accounts of these types of cyber crimes are being reported at a high rate. Phishing scams are just as dangerous to small business owners as they are to large corporations.
The Internet Crime Complaint Center (partners with the FBI) and the National White Collar Crime Center (NW3C) have reported more than 300,000 cases of online phishing scams and other Internet related crimes.
To give you a better understanding as to why your small business is of great worth to a cyber criminal, let’s take a look at what phishing is exactly.
What is phishing?
Phishing is the act of attempting to get private information such as usernames, passwords, credit card and banking information. This is easily done by developing fake websites, logos and email addresses and phone numbers. The victim is compelled in some way to reveal private information such as social security numbers and or other information that can be used to steal their identity. In the case of a small business, the phishing scam may be used to obtain customer credit card numbers.
Examples of small business phishing scams
Thousands of small business owners have received emails from the IRS informing them that they must fill out W-4 forms or other tax forms, and return them via fax. These emails look remarkably real. Right down to the official IRS government seal. Unfortunately, many owners are worried that they are going to be audited by the IRS if they don’t take care of it immediately.
The IRS states on it’s website at IRS.gov, that it will not initiate any contact by email and that you should never click any links on an email sent to you asking you to send anything to the IRS.
Your company email can be a target
Company emails are easy access for thieves. They can target an individual by sending him or her an email that looks genuine, however when they open it, it can release a virus or malware infecting the entire network. The thieves will then have access to employee’s private information and company data.
Beware that there are also “Phone phishing scams”, in which someone claiming to be from a bank, for instance, might ask you to call and verify your account.
How to protect your business against phishing
Visiting the Anti-Phishing Work Group will give you sound advice to safeguard your business against phishing scams and gives you valuable information on how to avoid becoming a victim. Some of their advice follows, such as:
- Make sure your employees are aware of what phishing scams are, and are cautious when reading and responding to suspicious emails. Always err on the side of caution. Instead of clicking a link, open another browser window and go to the official website.
- Never give out company financial information such as bank routing numbers to an inquiry made via email. Your bank does not need you to confirm your account information…they already have that. An email like that even if it has your bank’s logo is a fake. Make it a habit to check your accounts regularly for suspicious charges and withdrawals.
- Make sure every computer used has up-to-date virus and malware protection. Schedule regular full system scans. Never download “anti-virus” software from an unknown entity. It’s better to stick with trusted brands.
The best way to protect oneself and colleagues from these scams is to be aware of the methods one can use to identify a scam and stay on top of the latest news on the issue.