One of your finance staffers receives an email from your company’s bank, asking you to update account info. The request looks completely legit and stresses it’s urgent. Your staffer clicks the link …
… and you’ve just been phished!
It’s easier than ever to fall victim to this cybercrime. Almost daily there’s a new report of crooks posing as banks stealing sensitive financial info from individual and corporate customers.
Just last week Chase Bank and Bank of America had phony emails sent out supposedly in their names in attempts to capture sensitive account and personal info. So warned FraudWatch International. Unfortunately there are alerts like this almost every week. (Even PayPal was used to coax info out of folks recently.)
So how can you protect your company’s sensitive data, as well as that of your customers and employees?
Forewarned is forearmed. Check out the key features of today’s phishing attacks so you can tell your staff what to be on the lookout for.
An eye-opening example
There are two main types of phishing scams – often used in combination:
- A phishing email where you are asked to click on a link, and
- A phishing website where you fill in an online form on a phony website and submit your info.
Consider taking the recent Chase attack as an example to show staffers just how convincing these messages can be.
- The email address the scam was sent from: Chase Bank <email@example.com>
- Subject line: Important Notice
- There were even ads for Chase cards on the side of the info – just like you’d expect to see on a communication like this.
- Recipients were told in a message bearing Chase’s official logo that the bank recently experienced a service interruption and would need users to verify info. Then people were encouraged to click a link that took them to another very official-looking web page asking for everything from user ID and password to social security numbers and credit card info.
It’s easy to be duped. Crooks are now copying fonts and layouts from legit communications exactly. Some sophisticated scams even link to actual pages on banks’ websites to further increase credibility.
But you certainly don’t want any of your finance staffers to fall prey to phishing. A few tips to emphasize:
- Never click on a hyperlink within an email. This is almost always a scam.
- Watch for the “https” on the website. Don’t see it? That site’s not secure. (Of course seeing it isn’t a lock that you’re safe, but it helps.)
- Stay updated on the latest scams. You can sign up for email alerts to get a heads up on the latest phishing scams so you don’t get blindsided. (FraudWatch International offers one.)
- Remind everyone: Banks don’t ask customers to update information this way. If your staffers get a request like this – no matter how authentic it appears – have them call their bank to verify it.