Recently, we’ve had multiple clients come to us and report that they’ve received suspicious emails or texts. It’s scary enough to get something like this as an individual, and it can be just as scary when it happens to your business. The fact is that business scams and email spoofing are commonplace, but there are steps you can take to protect from phishing and other malicious attacks. Here’s what we tell our clients to do when they encounter such attempts - and how to be on guard against them in the future.
Types of Business Scams
There are countless possible scams out there, but some of the most common come in the form of phishing. Phishing is a technique used by attackers to trick individuals into divulging personal information—like login credentials—or launching malware to steal broader sets of data stored on their computers or connected networks. The problem with this tactic is that it often comes in the form of what looks like a valid email from a trusted source. Because of this, recipients might open the email and click on enclosed attachments or links, leading to major vulnerabilities. These emails can come in numerous forms. For example, one company received an email spoof that looked like it came from their vendor, telling them about a “bank change.” Since it looked legitimate, the company changed the payee’s bank information and ended up unintentionally paying the scammer more than one hundred thousand dollars. Of course, the vendor had no idea this was happening and was still waiting for their payment. Another, perhaps more prevalent scam, is sending an email that looks like a software subscription is up for renewal. It might ask you to log in to the platform, and then steal your login credentials. The fact is, no business or industry is immune. Even literary agencies have been the object of email spoofing, with scammers pretending to be agents and then reaching out to aspiring authors to request payment for reading their manuscripts.
What To Do When You Get A Sketchy Email
When you receive an email that’s asking something of you, first consider whether you recognize the sender. If yes, double-check what their actual email address is. Many scams use the same display name as someone you know, but their email address is something obviously off (like firstname.lastname@example.org). If you take the display name at face value without dialing into the details, you could end up missing a major red flag... Still, scammers are sophisticated and some are capable of also making their email address appear legitimate. In these cases, consider whether the subject line makes sense and if the email references a conversation that was already happening or a product that’s actually in use. If the message asks you to click a link, hover above the link without clicking it to make sure it’s a real URL for a company’s real site. If it asks you to provide banking information, call a trusted contact at the company to verify the veracity of the ask. The bottom line is: if it seems at all, well, phishy… it probably is.
Protect From Phishing & Email Spoofing
According to the 2022 Verizon Data Breach Investigation Report, 82% of data breaches were caused by human mistakes. So, it’s important to talk with your team members about their part in protecting your business. Offer training to help them become aware of threats, the most common scams in circulation, what to do when they receive a suspicious email and how to report it - both internally and to the company it’s impersonating. Also, make sure that your company uses a trusted email service provider that has security measures and monitoring built in. There are also identity theft protection programs available specifically for businesses, which can help monitor your company’s credit reports and activity for signs of fraud. Help your business avoid falling prey to business scams by trying these tips and, if you need any further advice about protecting yourself digitally, give us a call.