Phishing scams remain one of the most lucrative crimes for cyber criminals. News reports of sensitive data from large corporations like Sony being jeopardized are increasing at a worrying rate. But contrary to popular belief, these phishing scams are just as hazardous for small business owners.
The Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center (NW3C), received over 300,000 complaints in 2010 from both individuals and small businesses that have been victims of online phishing scams and other Internet-related crimes.
To give you a better understanding of why your small business is valuable to a cyber criminal, let’s take a look at what exactly phishing is.
What is phishing?
Phishing is a serious problem, but the term can be a bit unclear. It is the act of illegally trying to acquire private information such as passwords, credit card account numbers, banking account information, usernames, or social security numbers. Phishing is accomplished by creating fake logos, email addresses, phone numbers, and authentic-looking official websites. Victims are then under the illusion that they are dealing with official business and feel compelled to give out their private information, which in turn can be used to steal their identity. Small businesses often suffer from phishing because the goal is to gain access to their customers’ private information, such as credit card account numbers.
Examples of small business phishing scams
There are many kinds of small business phishing scams. For example, highly authentic-looking fake emails that claim to come from the IRS, and even include the IRS logo, have been sent to thousands of smaller businesses. These emails explain that the recipients must fill out tax forms or W-4 forms and return these forms by fax. Many business owners trust that this information was sent by the IRS and fear that they will be audited if they do not do what the email says is expected of them.
The IRS states on its website at IRS.gov that it will not initiate any contact by email and that you should never click any links in an email asking you to send anything to the IRS.
Your company email can be a target
Another way these thieves gain information is by targeting a specific individual within a business by sending him or her some kind of fake communication that looks completely reliable but ends up releasing a virus or malware. This virus then infects the entire network, giving thieves access to private company data.
Be aware that there are also “phone phishing scams”, in which someone claiming to be from a bank, for instance, might ask you to call and verify your account.
How to protect your business against phishing
The Anti-Phishing Working Group offers advice on shielding your business against phishing scams and useful information on how to avoid becoming a victim. Some of its advice follows:
- Make sure your employees are aware of what phishing scams are, and are cautious when reading and responding to suspicious emails. Always err on the side of caution. Instead of clicking a link, open another browser window and go to the official website.
- Never give out company financial information such as bank routing numbers in response to an inquiry made via email. Your bank does not need you to confirm your account information; it already has that. An email like that, even if it has your bank’s logo, is a fake. Make it a habit to check your accounts regularly for suspicious charges and withdrawals.
- Make sure every computer used has up-to-date virus and malware protection. Schedule regular full system scans. Never download “anti-virus” software from an unknown entity. It’s better to stick with trusted brands.
It is nearly impossible for law enforcement to stop phishing, so the best method of defense is educating your employees to identify and deal with phishing scams and to stay up to date with phishing scam trends.