Protect yourself and your company against phishing scams

You should be aware of phishing scams and be vigilant in protecting yourself and your business.

What is phishing?

Phishing is an online scam that occurs when a phisher uses email, ads, or fraudulent websites to trick you into sharing personal and financial data.

Often, potential victims receive an email that appears to be from a legitimate organization — usually a financial institution — but the link in the email opens a fraudulent website that replicates the organization's site. You can sometimes tell that the website is fraudulent because of the following.

• misspelled words
• poor grammar
• general unprofessional appearance

However, as internet criminals become more sophisticated, you will find it harder to distinguish fraudulent websites from real sites.

Phishers use email addresses collected from numerous sources (for example, websites and social media profiles) and then send large quantities of email messages to those addresses with common terms, logos, and brands. Phishers realize that most of those emails will be deleted, but even if a few recipients respond to the scam, the phishers profit.

Receipt of a phishing email doesn't constitute or indicate any kind of data breach on its own. The breach occurs when recipients click the link in the email and enter personal information on the fraudulent website, which is how scammers get information. Then, they use that information before recipients even realize what has happened.

Attackers can also take advantage of an email application’s ability to execute HTML code, leaving the affected computer open to viruses, Trojans, and worms.

Information phishing sites seek

• Usernames and passwords
• Bank account numbers
• Personal Identification Numbers (PINs)
• Credit card numbers
• Mother's maiden name
• Birthdays

How to protect yourself and your business

• Develop a plan that details how you'll safeguard your information, and put the appropriate safeguards into place.
• Make your staff aware of the dangers of phishing scams, since employees can also become victims of a phisher.
• Train your staff on how to spot phishing scams.
• Reinforce training on a regular basis.
• Carefully review any message from a site that seeks personal information. If you receive this type of message, do not provide the information requested without confirming that the site is legitimate.
• Do not click links in email messages, unless you are certain the message is from a trusted source.
• Do not enter personal or financial information into pop-up windows.
• Keep your computer applications current with the latest security updates.
• Do not turn off phishing and malware warnings.

Keep yourself and your staff informed and well-trained to help alleviate the potential for problems in your company.

© Thomson Reuters/Tax & Accounting. OnBalance is a trademark of Thomson Reuters and its affiliated companies. All Rights Reserved. Any trademarks, logos and service marks on this website are registered and unregistered trademarks of their respective owners. All linking and access to and use of this website is subject to the terms and conditions of use. Unauthorized linking, access, and use are strictly prohibited.