Picture this all-too-plausible scenario: a small business owner receives an authentic-looking email from a payee with whom his company regularly does business. The email states that due to lost records, the company will stop issuing payments to the small business unless someone verifies account information by clicking an enclosed link and completing an online form. Knowing the company has a significant accounts receivable balance, and that his small business needs those payments to stay in the black, the SBO clicks the link and fills out the form.
He’s just been phished and the impact of getting hooked by this type of cyber scam can be devastating. Not only has the SBO compromised his own financial and business data, he may well have put at risk the data of all his customers and other vendors with whom he does business. Phishing can open the door to a data breach, so it’s vital to be aware of the common ways cyber crooks try to dupe consumers and businesses.
In 2013, more than 448,000 phishing attacks netted scammers an estimated $5.9 billion. All forms of identity theft, including phishing, affected 13.1 million victims in 2013 and caused about $18 billion in losses. What’s more, the number of people who fall victim to identity theft following a data breach is increasing; in 2010, just one in nine data breach victims had their identities stolen, and in 2013 it was one in three.
Common ways in which phishing occurs include:
- A phone call from someone claiming to be with a credit card company trying to verify a purchase.
- A claim – either by phone or email – that lost records have made it necessary for you to provide information to continue service, receive payment, etc.
- A threat to close or suspend a financial account unless you verify information.
Phishers use a variety of vehicles to cast their nets, including email, snail mail, telephone, text message and interception of information from a legitimate website. They’re looking for valuable data such as real names and/or user names, passwords and PINs, street addresses, Social Security numbers, and credit card, financial account or verification numbers.
Once they have your data, phishers and other cyber criminals can use it to steal consumer and business identities, open fraudulent lines of credit … even walk their way into a data breach of major proportions. Businesses need to be as vigilant about phishing as consumers do. Learn to recognize the signs of a phishing scam and train employees on how to respond if they suspect an email, phone call, text message or other type of contact is really a phishing scam.