I recently ran across some new advice from the FTC offering tips for businesses that are impersonated during phishing scams. I hadn’t given much thought to this topic before so imagine many you haven’t either. The FTC contends that computer users are not the only ones harmed by phishing scams. The simple fact is that industry is also the victim of these crimes as well.
How can you combat these phishers? The FTC has always provided advice for consumers on the ins and outs of this particular scam. The good news is now the FTC has come out with some tips for you and your business about how to respond if you find out that you are the impersonated victim as part of a phishing scam.
The FTC advice includes:
Notify consumers of the scam
If you are alerted to a phishing scam where fraudsters are impersonating your business, inform your customers as soon as possible. If your business has a social media presence, announce the scam on your social media sites and warn customers to ignore suspicious emails or texts purporting to be from your company. You can also inform your customers of the phishing scam by email or letter. The important point is to remind your customers that legitimate businesses like yours would never solicit sensitive personal information through insecure channels such as email or text messages.
Contact law enforcement
If you become aware of a phishing scam impersonating your business, report the scam to the FBI’s Internet Crime Complaint Center. Suggest that affected customers forward any phishing emails impersonating your business to the Anti Phishing Working Group, a public-private partnership against cybercrime. Consumers also can file a complaint with the FTC.
Provide resources for affected consumers
If consumers believe they may be victims of identity theft because of the phishing scam impersonating your business, direct them to www.IdentityTheft.gov where they can report and recover from identity theft. For more information about recommended computer security practices, direct consumers to resources on the FTC’s consumer information site where they can learn how to protect themselves online and avoid phishing attacks.
Use the episode as reminder to update your security practices
Data security isn’t just a one-and-done checklist. Threats are ever-evolving, so your defenses need to be nimble, too. For information on securing sensitive customer information, be a frequent flyer on the FTC’s data security portal. Follow case developments and read publications designed for companies of any size and sector, including Start with Security and the recently refreshed Protecting Personal Information: A Guide for Business. Pressed for time? Pledge two minutes a day to watch a video from the FTC’s resource library for businesses.
The bottom line
Online fraudsters have only grown more active and brazen in their attempts to scam both businesses and consumers online. The continued onslaught of news reports and public disclosures has caught the eye of regulators and Congress alike. In the current environment you should expect continued exposure to hackers and their online scams. While it is important to understand these ongoing risks it is equally important to ensure you are not caught up in any response from the government. Make sure your team is up to speed on current developments and ensure that they are proactively working on this ongoing problem.