Even before personal tech devices – and internet scams – became commonplace, scammers existed. They used the postal service and wall-mounted telephones to scam people out of money and identities. Sometimes they succeeded.
Internet Scams, Spam and Phishing – Oh My!
As technology advanced, along came internet scams. Scammers now use email, SMS (text) messaging and mobile phones to try to get access to identities and bank accounts, or to persuade their victims to send money.
If you have a mobile device, if you get email, if you purchase things online, or even if you just do business with companies that store information in the cloud, you are unfortunately at risk in some way.
Think about all of the stories you have seen recently about a large retailer or financial institution whose customer data was breached. Even social media use can put you at risk, as scammers often impersonate accounts by creating a “mirror” account using another account’s images and text, or by posing as someone else in order to interact with potential targets.
12 Ways to Protect Yourself and Your Business from Internet Scams
There are some basic ways you can protect yourself and your organization from internet fraud, and you can also learn to spot red flags that may indicate someone is trying to scam you. The FBI’s website has many great resources for this, including a list of recent email scams and warnings. It estimates that email scams alone cost over $26 billion in 2019!
- Refrain from giving out personal or financial information in response to incoming requests. Your bank is never going to email you and ask you to verify your account information – they already have it!
- Check the sender information. Email scams often come to you as though they are being sent by a friend, retailer, bank, or some other entity you do business with. However, when you look closely at the actual return email address, the address isn’t a match to the organization. The URL/domain names are different.
- Verify, verify, verify! One common email and telephone scam is to contact someone pretending to be a colleague or loved one who has an emergent financial need. Before sending money or giving out account information, get in touch with the actual person (colleague or loved one) or someone who knows them well and can verify the need is legitimate.
- Ask for a call back number and see if it matches publicly available information for the organization.
- Google some of the terminology, sender information, subject line, company name, etc., from the email to see if it matches up to known scams.
- If the communication contains some kind of threat, such as a threat to shut down your network, a ransom demand for your domain name, or a personal threat, or if your website gets hacked, contact local or federal law enforcement, your web hosting provider, your lawyer, etc., to see how to proceed.
- Protect your website with a firewall, antivirus, anti-spyware/malware and anti-spam software, and an SSL certificate so that the data submitted to you via the forms on your website is encrypted in transit. With all of this security come updates, so be sure to update your software on a regular basis.
- Shut it down! Shut down your computer when it’s not in use to prevent attacks from happening and/or stop any attack in progress.
- Download with care. Many forms of malware are sent via email and if you click on a link or download a file from the internet, you may be unwittingly installing malware or spyware that can make your business vulnerable to attacks, ransomware or a data breach.
- Don’t click. You might think you’re closing a malicious popup only to find that the “X” you clicked on to close the box started an action instead. Rather than clicking to close a pop-up window or ad, close the browser window.
- Clear your devices’ cache, cookies and history. Clear out any unwanted internet activity by clearing your devices’ cache, the temporary files stored on a device to make loading revisited websites more efficient. You can also clear your devices’ internet browsing history and delete cookies to free up space on your device. This type of device “housekeeping” can make your devices run faster, free up memory, and help keep your device safer in the process. If you’re unsure about how to do this, contact your IT department, a local IT (information technology) or computer repair/maintenance specialist, or google information about how to do these types of tasks on your device’s operating system.
- Institute protocols. Make training about internet fraud part of your employee orientation and on-going training. Institute protocols and rules for use of company devices on the internet (including for email).
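The “Check the sender information” tip above can be automated for mail your organization receives. The following Python sketch is an added example, not code from this article or from the FBI; the organization name, the `.example` domains and the two sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed list: organizations you deal with and the domains they really send from.
KNOWN_SENDERS = {"example bank": {"examplebank.example"}}

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def sender_red_flags(raw_message, known=KNOWN_SENDERS):
    """List the sender mismatches described in the tip above."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    flags = []
    # The name shown to the reader claims an organization the address is not at.
    for name, domains in known.items():
        if name in display.lower() and not matches(from_dom, domains):
            flags.append(f"name claims '{name}' but address is at {from_dom}")
    # Replies would go to a different domain than the one that appears to send.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        flags.append(f"replies go to {reply_dom}, not {from_dom}")
    return flags

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Example Bank Security <alerts@examplebank-secure.example>\n"
    "Reply-To: verify@mailbox.example\n"
    "Subject: Verify your account\n\nPlease confirm your details.\n"
)
GENUINE = (
    "From: Example Bank <statements@mail.examplebank.example>\n"
    "Subject: Your statement is ready\n\nLog in as usual to view it.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, sender_red_flags(raw))
```

An empty result only means these two mismatches were not found; the From address itself can be forged, so a clean check is not proof that a message is legitimate.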
What – Exactly – Are Scams, Spam and Phishing?
Here are some of the common terms it’s important to understand, in order to protect yourself and your organization.
Scams – Internet Fraud
The FBI defines internet fraud as “the use of Internet services or software with Internet access to defraud victims or to otherwise take advantage of them. Internet crime schemes steal millions of dollars each year from victims and continue to plague the Internet through various methods.” It describes several types of internet scams including:
- Business Email Compromise (BEC) wherein legitimate business email accounts are compromised “through social engineering or computer intrusion techniques” in order to conduct an unauthorized transaction of funds
- Data Breach – Unauthorized access (copying, transmitting, viewing) to business data which might include customer accounts, employee information, bank or financial information, etc.
- Denial of Service – When a hacker is able to interrupt access to any system or network, such as when a website gets “hijacked” or rerouted to another URL, users are unable to log in to systems, network access is cut off, etc.
- Email Account Compromise (EAC) which is similar to BEC but may also extend to the general public, and in which compromised or impersonated email accounts are used to solicit funds from victims
- Malware – Malicious software, codes, scripts, etc., used to disable or damage computers, networks or other devices
- Scareware – Similar to malware but includes the use of scare tactics to get victims to click on something, send funds or take some other action
- Phishing, a.k.a. “Spoofing” refers to the use of forged or faked electronic documents. Spoofing is when an email is disguised to appear as though it’s coming from a legitimate source (such as a financial institution or brand) rather than its actual source (also referred to as vishing, smishing or pharming). In both cases, the intent is usually to get the victim to provide personal or sensitive information like passwords, credit card information or bank account numbers, or to redirect the victim to a malicious website.
- Ransomware – A form of malware and/or phishing or email compromise in which money is demanded in order to restore access to data or a network, or in which the message suggests the recipient has committed crimes or done something else (e.g., “we caught you doing ___________ and we’re going to release this information if you don’t pay!”)
Internet fraud schemes frequently occur as investment schemes, the infamous Nigerian prince letter fraud, non-delivery of merchandise, internet auctions, and business or credit card fraud.
If you believe you or your business has been the victim of one of these schemes, you should report it to your financial institution, any organization that the scammer was posing as (such as when they pose as your bank, a retail store, a charity, or some other organization), and you can also report internet fraud directly to the FBI to assist in their efforts to discover and prevent these types of costly and malicious crimes. If you haven’t been victimized per se but want to report a tip about internet fraud to the FBI, you can do that as well.