Beware of Phishing Attacks!

Cybercriminals often target the financial accounts of owners and employees of small and medium-sized businesses in order to steal their personal information and login credentials. They use various attack methods that enable them to issue counterfeit checks, impersonate the customer over the phone to arrange financial transfers, and otherwise exploit the account. It’s important that business owners and their employees are aware of the kinds of tactics these criminals use so you can protect yourself and your business.

Criminals often use “social engineering” tactics to appear legitimate. These include authentic-looking logos from actual businesses and requests for information. Sometimes these include some sort of scare tactic that encourages the recipient to click on an attachment or link . . . that then downloads malicious software onto the recipient’s computer. These tactics include:

  • “There is a problem with your shipment”
  • “There is a problem with your bank account”
  • “There has been a complaint lodged against your business”
  • “You have been issued a subpoena”

Sometimes these attacks appear to provide information about current events, such as natural disasters, major sporting events, or celebrity news. And sometimes these emails are disguised as coming from a trusted source.

Here are some tips you can use to protect yourself and your business from these kinds of attacks:

  1. Educate your employees to be aware that even legitimate-looking emails might be fraudulent. Caution them against clicking on attachments or links in emails they weren’t expecting. If you receive an email and aren’t sure whether it’s authentic, contact the sender by phone, separate email, or by using the customer service contact information on the sender’s website rather than clicking on any links within the questionable message.
  2. Don’t click on pop-up messages claiming your machine is infected. Often these ads actually download malware onto your computer.
  3. Use separate computers for banking transactions. These computers should not be used for other internet access such as social networking, email access, or general web browsing.
  4. Install and maintain up to date spam filters and virus protection on your computers. Allow for automatic updates and scheduled scans.
  5. Install routers and firewalls to prevent unauthorized access to your network.
  6. Use different passwords for every website you access. That way if one of your passwords is compromised, criminals won’t have access to all of your accounts.
  7. Block pop-ups.

These are just a few of the steps you can take to protect your electronic records and accounts. We’ll post more tips again soon.