
Internet scams are not a new practice. For years scammers have been trying to find ways to steal information from businesses, but the methods used are constantly evolving.

Here’s what you need to know about phishing scams and how to protect your business’s devices and information.

What is a Phishing Scam?

A phishing scam is an electronic scam in which the attacker sends a fraudulent message masquerading as a legitimate institution in an attempt to gain access to sensitive information.

Phishing scams usually occur as emails, text messages, and social media messages. They may look like they’re from a bank, credit card company, online payment system, or even systems like Microsoft Office.

These attacks aim to obtain your business’s account passwords, credit card information, employee social security numbers, banking information, and more.

How to Spot a Scam

Phishing scam messages are designed to trick you into clicking on a link. The scammer designs the message with the logos of the company they are impersonating and hides the sending email address behind a real name. Often scammers will even name real people in your organization to get you to send them information.

While these messages may look real at first glance, there are warning signs that can help your team spot a scam.

What to Look For:

  • Misspelled words and grammatical errors
  • Generic greetings, e.g., “Dear User”
  • In emails, sending address domains that are abnormal for a business, e.g., personal email addresses, addresses with numbers, etc.
  • In texts, abnormal phone numbers, e.g., shortened numbers using only 5 or 6 digits, numbers led by international extension codes, and unknown numbers.

As far as the content, some of the most common messages may:

  • Say they’ve noticed some suspicious activity or login attempts on your account
  • Claim there’s a problem with your account or payment information
  • Say you must confirm some personal information
  • Say you’ve won a contest, and you must click to redeem your prize
  • Include a fake invoice
  • Want you to click on a link to make a payment
  • Say you’re eligible to register for a government fund
  • Offer a coupon for free stuff

What to Do If You or an Employee Suspects a Scam

According to the Federal Trade Commission’s Consumer Information article on phishing, if a scam is suspected, take the following steps:

  • DO NOT click any links in communication or respond to it.
  • Determine whether your company actually has an account with the “organization” contacting you or whether you know the “person” contacting you.
    • If so, you should contact the company directly, not using the link in the message, and inquire about the message.
    • If not, it is likely to be a scam.
  • Report the scam to the Federal Trade Commission & platform-specific regulatory bodies.
    • Report all scams to the Federal Trade Commission (FTC) at https://reportfraud.ftc.gov/#/
    • If the scam is an email, you should also forward it to the Anti-Phishing Working Group at reportphishing@apwg.org.
    • If the scam is a text message, you should also forward it to SPAM (7726).
    • If the scam is a social media message, you should also use the platform’s internal reporting feature to flag it as spam.

How to Protect Devices and Prevent Future Attacks

The best way to protect your business is to train your team and implement procedures.

To protect against phishing attempts, work with your IT team to develop policies that keep certain types of messages from reaching your team members’ inboxes.
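Several of the email warning signs listed under “What to Look For” can be checked automatically before a message reaches an inbox. The following Python code is an added example, not part of the original article or the FTC guidance; the brand-to-domain table, the list of personal email providers, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed policy data (constructed): domains each brand really sends from,
# and personal mail providers a business sender should not be using.
BRAND_DOMAINS = {"example bank": {"examplebank.example"}}
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
GENERIC_GREETING = re.compile(r"^\s*dear\s+(user|customer|client)\b", re.I | re.M)

def warning_signs(raw_message: str) -> list[str]:
    """Return the warning signs from the article that this email shows."""
    msg = message_from_string(raw_message)
    # The display name is what the reader sees; the address is what sent it.
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    domain = address.rpartition("@")[2]
    signs = []
    # A real name or brand hiding an unrelated sending address.
    for brand, domains in BRAND_DOMAINS.items():
        trusted = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not trusted:
            signs.append("display-name-mismatch")
            break
    if domain in PERSONAL_DOMAINS:
        signs.append("personal-address")
    if re.search(r"\d", address):
        signs.append("digits-in-address")
    body = msg.get_payload()
    if isinstance(body, str) and GENERIC_GREETING.search(body):
        signs.append("generic-greeting")
    return signs

# Constructed sample messages.
PHISH = (
    'From: "Example Bank Support" <billing.team4821@gmail.com>\n'
    "Subject: Problem with your account\n\n"
    "Dear User,\n\nWe noticed suspicious login attempts on your account.\n"
)
LEGIT = (
    'From: "Example Bank" <alerts@mail.examplebank.example>\n'
    "Subject: Your monthly statement\n\n"
    "Hello Jordan,\n\nYour statement is ready in online banking.\n"
)

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, warning_signs(raw))
```

A message that shows several signs at once is a good candidate for quarantine and review rather than silent deletion, since any single sign can also appear in legitimate mail.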

Additionally, training your team on how to spot scams can help your organization be proactive in fighting scam attempts. You may also want to create a standard procedure guide for your team that clearly outlines what they should do if they receive a suspicious message.

Finally, make sure all your business’s accounts are secured with two-factor authentication as a general preventative measure. Two-factor authentication requires additional login information beyond a username and password. It’s usually a unique timed code sent outside of the login system, for example, to a cell phone.

Protecting Your Business

Have questions about protecting your business from phishing attempts? Contact us.