Tips to Protect Your Data
Posted: September 25, 2019 - By Elizabeth Velez
Believe it or not, there are scams that specifically target small businesses – just like yours. Scammers use emails or text messages to trick you into giving them confidential information. They may try to steal your passwords to access customer data, or account numbers to access your business’s funds. The FBI’s Internet Crime Complaint Center reported that people lost $30 million to phishing schemes in one year.
But what exactly is a phishing scheme, how can you and your team spot one, and are there other forms of cyber fraud you should be worried about? It’s important that you stay vigilant and train your employees to do the same. We’re sharing effective tips to spot and prevent online fraud or a cyber security breach.
Common threats that affect businesses
Scammers specifically target small businesses, so their threats are customized to everyday tasks, conversations or vendors that you wouldn’t normally think would leave your business vulnerable. Here is an overview of typical threats that may target your business.
- Phishing scams and malware
- Phishing sounds like the hobby ‘fishing’ because it describes a criminal using fake ‘bait’ (like an important email or text) to get the recipient to ‘bite’, letting the criminal collect a business’s online bank, credit card, or other login information.
- Malware, or malicious software, can be sent from an unknown sender via email and can be triggered not only if a link is clicked, but also just from opening the spam email. Most commonly the malicious email has ransomware designed to delete or encrypt your files and backups – even if they are stored in the cloud or on a server.
- Fake invoices
- Since the most successful fraud is done by impersonating a vendor or service your business currently uses, scammers will send fake invoices for things like website domain renewal, or overdue payments for software your business depends on. Paying attention to branding and small details is crucial because of this.
- Unordered office supplies
- Scammers can monitor your purchase history and call to confirm a supplies order that you did in fact place. Then, they will show up to your business with unordered items and demand payment. They may even play back the phone call confirming the order to show “proof” and throw your team off. Keep in mind that if you receive merchandise you didn’t order, you have a legal right to keep it for free.
- Tech support
- It’s common for small businesses to have a third party that assists with tech support. This also makes it easy for a scammer to call, claim to be part of the tech team, and say they need to access your computer because there is a threat to your computer security. They may require payment, or access passwords, patient data or credit card information.
- Government agency
- Criminals often impersonate government agents and threaten legal action unless a payment is made. Their lies range from taxes to license or trademark renewals and other fees.
- Utility companies
- It’s very common to receive a call claiming to be from your utility service, warning you that your bill has not been paid and that if you don’t wire the payment, your service will be shut down during prime hours.
Signs to look out for
Since scammers impersonate trusted businesses you work with, there are details about each of your vendor working relationships that you and your staff must take note of.
- Suspicious email greetings
- Your vendor typically addresses you or a staff member by name, but a new email uses “Hi Dear” as a greeting.
- Business details
- You may notice a subtle misspelling – possibly only one letter off – in the vendor’s business name, sender name, or email address. The email address may also end in ‘@gmail.com’ when it usually ends with the business’s domain details.
- Email style
- The ‘from’ first and last name of your vendor is lower case, and it’s normally properly capitalized. Their language style is just a bit off, and the email design is more plain than usual and is even missing a logo.
- Link Details
- When you hover over the link you’re being encouraged to urgently click, you notice the destination details/URL is completely unfamiliar.
- You notice this email was sent to many other email addresses, or a list titled ‘undisclosed recipients,’ when normally you communicate one on one with your vendor.
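The signs listed above can also be checked automatically before a message reaches staff. The following is an added example, not part of the original post: a small Python checker that assumes a single-part message, with a constructed vendor allow-list, freemail list, greeting list, and sample email (all names and domains are hypothetical).

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
# Constructed assumptions: substitute your real vendor domains.
KNOWN_VENDOR_DOMAINS = {"acmesupplies.example"}
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
GENERIC_GREETINGS = ("hi dear", "dear customer", "dear user")

def edit_distance(a, b):  # Levenshtein distance, catches "one letter off"
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_vendor_host(host):  # exact vendor domain or one of its subdomains
    return any(host == d or host.endswith("." + d) for d in KNOWN_VENDOR_DOMAINS)

def phishing_signs(raw_email):  # returns the warning signs found in one message
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    signs = []
    if domain in FREEMAIL_DOMAINS:  # vendor normally writes from its own domain
        signs.append("freemail-sender")
    elif not is_vendor_host(domain) and any(
            edit_distance(domain, d) <= 2 for d in KNOWN_VENDOR_DOMAINS):
        signs.append("lookalike-domain")
    if name and name == name.lower():
        signs.append("lowercase-sender-name")
    if body.lstrip().lower().startswith(GENERIC_GREETINGS):
        signs.append("generic-greeting")
    to = msg.get("To", "")
    if "undisclosed" in to.lower() or len(getaddresses([to])) > 5:
        signs.append("many-recipients")
    hosts = re.findall(r'href="https?://([^/"]+)', body, re.I)
    if any(not is_vendor_host(h.lower()) for h in hosts):
        signs.append("unfamiliar-link-host")
    return signs

# Constructed sample message, not a real phishing email.
SAMPLE = """From: john smith <billing@acmesuplies.example>
To: undisclosed-recipients:;

Hi Dear, your invoice is overdue. <a href="http://pay.invoice-portal.example/x">Pay now</a>
"""
```

A message that trips several signs at once is a good candidate for a phone call to the vendor on a number you already have on file.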
What to do if you’ve responded to a phishing email
If you or your staff have accidentally given a scammer confidential information, immediately go to https://www.identitytheft.gov/Info-Lost-or-Stolen. That government site offers next steps depending on the information that has been compromised.
If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software immediately. Then run a scan.
Once you’ve done what you can to report the incident, forward the phishing email to the FTC at email@example.com and to the Anti-Phishing Working Group at firstname.lastname@example.org. If you got a phishing text message, forward it to SPAM (7726). This will help the FTC fight these scammers and prevent them from attacking you or others in the future.
How to protect your business with cybersecurity
- Protect all the computers in your organization with security software. Allow the software to automatically update so it’s constantly working to protect your information.
- Protect your accounts by turning on multi-factor authentication. This will require you to log in with two forms of credentials, making it harder for imposters to break in.
- Protect your data by backing it up. Back it up to an external source that is not connected to your main network just in case the main network is ever compromised.
Train your employees on these important details, and remind them to look out for signs on a regular basis. Scammers never stop looking for ways to commit fraud, so we can never stop keeping an eye out for them.