And Tips for Keeping Your Business Safe
In today’s day and age, financial fraudsters are everywhere, and an unprepared business can be a profitable target. Scammers employ a wide range of strategies to gain access to business data that can help them access your financial accounts, customer information, employee data and more. That’s why it’s vital that your workforce remain up to date on the latest scams. Your employees are the first line of defense against potential fraud and should be trained on how to spot and respond to phishing scams.
Online phishing scams occur via email, social media and fake websites as scammers try to access and exploit your company’s confidential information. In contrast, offline scams occur away from the computer as scammers employ in-person strategies, either face-to-face or over the phone.
Following are some common online and offline phishing scams and tips to protect your company against them.
Online phishing scams
Scammers often use fake social media profiles, fake websites and malicious email links or attachments to gain access to confidential information. Common online phishing strategies include:
- Email phishing – Email phishing is one of the most common types of online scams (and one we’ve all likely experienced). It involves sending an email that appears to be from a trusted source with a request for information. The scammer then uses that information to access accounts, business systems or confidential data. These emails may also include malicious links or attachments that, when clicked on, can compromise your company’s security.
- Spear phishing – Spear phishing is a form of phishing that targets a specific individual using known information in order to gain their trust. Spear phishers often take time to research their targets in order to send emails or messages that appear to be from a trusted sender. These emails may include malicious links or attachments, or they may include an urgent request for confidential information. For example, a spear phisher may impersonate your company’s CEO in order to trick a finance employee into sending money to the scammer’s bank account.
- Smishing – Smishing involves a scammer sending a text to a cell phone, prompting the recipient to respond with confidential information or click on a malicious link. For example, an employee may receive an urgent message that appears to be from the company’s bank asking them to verify confidential information, such as an account number or login. These requests often seem legitimate and urgent, but if your employee provides the requested information, the scammer may gain access to a bank account.
- Whaling – Whaling is an effort to gain access to a particularly large target, such as a company’s CEO, an elected official or another individual with the ability to authorize large payments. Whaling emails are typically highly customized, using detailed information gained through extensive research into the target.
- Search engine phishing – Search engine phishing refers to efforts by scammers to position their website as a top hit on search engines. When a victim interacts with the website, the scammers gain access to his or her sensitive data.
Offline phishing scams
Common offline phishing strategies include the following:
- Vishing – Vishing, or voice phishing, is a type of fraud that takes place by phone. Typically, a scammer calls with an urgent request for personal data. For example, a common vishing scam involves impersonating bank employees to request account numbers or passwords in order to gain access to accounts.
- Prize phishing – Scammers have been known to call people and inform them they’ve won a large sweepstakes, lottery, free vacation or other prize. In exchange, they request an upfront fee, personal data or bank account information.
- Overpayment phishing – This occurs when a scammer sends a counterfeit check and asks for a refund of a portion of the money or makes an online purchase and “accidentally” pays too much. Your employee may be tempted to provide a reimbursement from the business account; however, both of these are common scams to gain access to funds.
Tips for keeping your business safe
It’s important to be on alert for suspicious emails, texts, phone calls and websites. The following tips can help protect your company’s data and confidential information.
#1 – Implement multi-factor authentication (MFA).
Standard online verification methods require just a username and password, which can be guessed, phished or exposed in a data breach. MFA requires an additional piece of information to be entered in order to gain access. For example, a common MFA strategy is to text a code to an employee’s cell phone that they must enter to log in. This process makes it much more difficult for scammers to access your company’s systems.
#2 – Understand what risks your business faces.
Cybercrime is a sophisticated and rapidly evolving industry. If you’re not keeping up on the latest developments, your business may be at risk. That’s why it’s absolutely vital that your business leaders not only understand the specific phishing threats faced by employees but also take steps to protect your business.
#3 – Develop company-wide policies to combat fraud.
One of the most effective ways to protect your business is by implementing robust policies to guard against fraud. These policies should include email encryption, communication monitoring for malware, and controlled use of personal devices for business functions.
#4 – Regularly back up your systems and data.
Ransomware attacks and other malware infections have the potential to significantly compromise your business. Regularly backing up your data can help you quickly recover information and continue operating.
#5 – Develop employee best practices, including:
- Verifying the legitimacy of any data requests. Stress to your employees the importance of never providing any information to an outside source without first verifying the legitimacy of the request. Make sure they take time to ask for the requestor’s name, physical business address and company. They should never click on website links in an email. Instead, encourage them to do their own search for the business’s website and call the company directly to verify the request is legitimate. If the requestor refuses to provide any information or tries to pressure an employee into providing data or payment, stress the importance of immediately hanging up or deleting the email.
- Never clicking on suspicious emails. If you receive an email that looks suspicious, it probably is. Make sure employees never click on a link unless they’re certain an email is legitimate. Your company’s IT department can serve as a resource for employees when something looks suspicious. Remind your employees to never provide personal information over email. If an employee receives an email that appears to be from a financial institution, the IRS or another reputable organization, they should call the toll-free number of that institution (the one listed on the organization’s website, not a phone number in the suspicious email) to verify the email’s authenticity before providing any information.
- Installing security software on all devices. Make sure any internet-enabled devices with access to company data are equipped with strong, updated security software that regularly scans for suspicious and harmful activity. Security software should include firewalls, anti-virus protection and intrusion detection. Stress to employees the importance of never connecting to the internet without strong security software in place.
- Keeping operating systems and software up to date. Software and operating system updates often include security fixes, which is why it’s important for all employees to enable automatic updates on all devices. They should also be aware of the importance of using a well-respected internet browser, such as Chrome or Firefox, that is more likely to be regularly updated with the latest security protections.
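As an added illustration of what “looks suspicious” can mean in practice, here is a small Python check (example code written for this article, not part of the original page or of any product it mentions) that scans the HTML body of a message for the link tricks described above: anchor text that displays one domain while the link actually goes to another, links that point at a bare IP address, and hosts that embed a trusted brand name inside an unrelated domain. The sample message and the trusted domain `examplebank.com` are constructed for the demonstration; an IT team could run the same logic in a mail gateway or an employee-facing “report phishing” tool.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None
            self._text = []


def host_of(value):
    """Return the lowercase hostname of a URL or bare domain, or None if there is none."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    host = urlparse(value).hostname
    return host.lower() if host else None


def looks_like_url(text):
    """True if the visible anchor text itself reads as a URL or domain name."""
    return re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I) is not None


def suspicious_links(html_body, trusted_domains):
    """Return a list of (href, reason) for anchors that show the classic phishing tells."""
    parser = _AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.anchors:
        real = host_of(href)
        if real is None:
            continue
        # Tell 1: the visible text shows one domain but the link goes somewhere else.
        if looks_like_url(text):
            shown = host_of(text)
            if shown and shown != real and not real.endswith("." + shown):
                findings.append((href, f"text shows {shown} but link goes to {real}"))
                continue
        # Tell 2: the link targets a bare IP address rather than a company domain.
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", real):
            findings.append((href, f"link goes to a bare IP address {real}"))
            continue
        # Tell 3: a trusted brand name appears inside a host that is not that brand's domain.
        for trusted in trusted_domains:
            brand = trusted.split(".")[0]
            if real != trusted and not real.endswith("." + trusted) and brand in real:
                findings.append((href, f"host {real} imitates {trusted}"))
                break
    return findings


# Constructed sample message (not a real phishing email) with one legitimate link
# and two lure links, so the checker has something to flag.
SAMPLE_EMAIL = """
<p>Your account needs verification.</p>
<a href="http://examplebank.com-secure-login.net/verify">https://www.examplebank.com/login</a>
<a href="https://www.examplebank.com/help">Help center</a>
<a href="http://203.0.113.5/examplebank/reset">Reset password</a>
"""

if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_EMAIL, ["examplebank.com"]):
        print(f"SUSPICIOUS: {href}  ({reason})")
```

The check deliberately treats a genuine subdomain of a trusted domain (`www.examplebank.com`) as clean, so it does not swamp employees with false alarms, while still catching the look-alike host that only begins with the bank’s name.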
#6 – Implement a company-wide cybersecurity training program.
Your employees are the first line of defense against fraud, which is why it’s important to continually educate them on the latest threats and strategies to keep company data secure. At Creative Planning Business Services, we support clients with KnowBe4 and PII Protect, cybersecurity awareness training platforms that continually update your workforce on the latest threats and how to combat them. KnowBe4 and PII Protect help businesses address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics that could target your business.
To learn how Creative Planning Business Services can provide outsourced IT support to help protect your business from phishing scams and cyberfraud, please schedule a call.