Phishing scams are at the top of cyber criminals’ moneymaking lists. It’s disconcerting that the important data of organizations such as Sony is under threat from phishing scams. Contrary to widespread belief, however, these scams affect small business owners as much as they affect big corporations.
The Internet Crime Complaint Center, a collaboration between the FBI and the National White Collar Crime Center (NW3C), received over 300,000 complaints in 2010 from both individuals and small businesses that had been victims of online phishing scams and other Internet-related crimes.
Understanding what phishing is will help you identify what makes your small business so appealing to cyber criminals.
What is phishing?
What does “phishing” mean? Phishing is an attempt to obtain private data, such as financial information, usernames, and passwords. Scammers do this by creating fake websites, graphics, email accounts, and phone numbers. The target is persuaded, by one method or another, to reveal information that may be used to steal their identity (Social Security numbers are a popular target). For small businesses, phishing scams may attempt to gain access to customer credit card information.
Examples of small business phishing scams
Countless small business owners have received emails from an organization using incredibly authentic-looking IRS letters stating that W-4 forms or other additional forms must be filled out and returned via fax. This frightened many owners into believing they would be audited or penalized by the IRS for not handling the issue immediately. Unfortunately, the emails were fraudulent, and these companies were tricked into giving up their personal information.
At the official website, IRS.gov, the IRS states that it will not initiate contact through email. So, never click on a link in an email claiming to be from the IRS!
Your company email can be a target
Company email is an easy way in for thieves. They can target an individual by sending him or her an email that looks authentic; when the recipient opens it, however, it can release a virus or malware that infects the entire network. The thieves will then have access to employees’ private information and company data.
Be aware that there are also “phone phishing scams,” in which someone claiming to be from a bank, for instance, might ask you to call and verify your account.
How to protect your business against phishing
The Anti-Phishing Working Group offers wonderful advice on how to keep your small business from becoming a target of phishing. Here are a few of their tips:
- Make sure your employees are aware of what phishing scams are, and are cautious when reading and responding to suspicious emails. Always err on the side of caution. Instead of clicking a link, open another browser window and go to the official website.
- Never give out company financial information, such as bank routing numbers, in response to an inquiry made via email. Your bank does not need you to confirm your account information; they already have that. An email like that, even if it has your bank’s logo, is a fake. Make it a habit to check your accounts regularly for suspicious charges and withdrawals.
- Make sure every computer used has up-to-date virus and malware protection. Schedule regular full system scans. Never download “anti-virus” software from an unknown entity. It’s better to stick with trusted brands.
It is nearly impossible for law enforcement to stop phishing, so the best method of defense is educating your employees to identify and deal with phishing scams and to stay up to date with phishing scam trends.