Safeguard Your Business From Common Scams

Internet crime complaints soared in 2020—up nearly 70 percent from 2019, according to the FBI. These scams have reported losses exceeding $4.2 billion and with state-specific statistics located in the 2020 Internet Crime Report. Cybercrime has continued to grow even more with more organizations doing business online and the continued instability in eastern Europe.

The top three crimes reported were phishing scams, non-payment/non-delivery scams and extortion. Victims lost the most money to business email compromised scams. 

Intrada Technologies continues to caution users to be aware of scams through social media, email, phone and text messages. Scammers are continually evolving and trying new techniques, so users need to be diligent and aware of the continue threats.    

Here are a few reminders to safeguard your and your business against some of the most common scams. 

Emails are Not Secure Unless Encrypted

Never send any account, social security information, passwords or medical information over email without ensuring it is encrypted.

Sending an unencrypted email is like mailing a letter in a clear envelope for your neighbors, postal employees or criminals to see.   

If you need to send confidential information, use encrypted email or contact the receiving party for another option.   

Be Aware of Email Spoofing

Email spoofing is a form of cyberattack in which a scammer sends an email that has been manipulated to seem as if it originated from a trusted source.   

This type of cyberattack is very hard to completely prevent, so users are the last line of defense. Scammers will send an email addressed from a generic account, but change the FROM address to a familiar source—tricking users into trusting the email and clicking links or responding. 

Be aware that names of email accounts can be spoofed and do not trust emails without verifying the sender, especially before clicking a link, sending over personally identifiable information ( PII Personally Identifiable Information (PII) refers to any data that can be used to identify a specific individual, either on its own or when combined with other information. This type of information is critical to the security and privacy of individuals, as its exposure or misuse can lead to identity theft, financial fraud, and other personal harms. PII includes a wide range of identifying details such as names, addresses, phone numbers, email addresses, Social Security numbers, passport numbers, driver's license numbers, and biometric data like fingerprints or facial recognition features. Organizations that handle PII are responsible for implementing robust security measures to protect this data from unauthorized access, breaches, and other cyber threats. They must also ensure compliance with relevant data protection regulations such as the General Data Protection Regulation (GDPR) in Europe, the California Consumer Privacy Act (CCPA) in the United States, and other local privacy laws. Managing PII securely involves practices like data encryption, access controls, regular security audits, and employee training on data privacy. Safeguarding PII is not only a legal obligation but also fundamental to maintaining consumer trust and confidence. Companies that protect personal data effectively can enhance their reputation and foster stronger relationships with their customers, thereby contributing to long-term business success. ) or transferring funds.

Do Not Click on Hyperlinks in Emails

Scammers want you to click on hyperlinks in emails. The seemingly harmless links sent through an email usually take you to sites that try to trick you into sharing more information or they run malicious code on your computer.

If you are not positive that you received a valid email, do not click on the link! Instead, open a browser and go to the website directly.    

Confirm Wire Transfer or Direct Deposit Changes Via Another Method

Emails requesting wire transfers or direct deposit changes should always be confirmed with the other party. To safely confirm all account changes, create a confirmation process that uses two different methods of communication to confirm a change in accounts or financial transactions.   

For example, if a request for a wire transfer or direct deposit change was received through an email or other electronic communication, the request should be confirmed either in-person or by calling the requesting party directly.  

Never confirm the transfer or change by using the same communication method by which the request was received. Why? If an employee’s or vendor’s email account was hacked, then the cybercriminal could make a request via email, then confirm it via email and your organization could potentially lose a lot of money.

Protect Your Business with Cybersecurity Awareness Training

Intrada Technologies offers our clients and non-profit organizations cybersecurity training solutions through seminars and resources to increase cybersecurity awareness in your organization. Training solutions are designed to help users understand cyberthreats and explain terminology—for both personal and business applications.

Intrada wants all users to be protected and aware of cyberthreats to prevent fraud, costly errors and decrease cybercrimes.

To learn more and to schedule your free cybersecurity training seminar, contact James Haywood at (800) 858-5745 or by emailing jhaywood@intradatech.com.

Sources
https://www.fbi.gov/news/press-releases/press-releases/fbi-releases-the-internet-crime-complaint-center-2020-internet-crime-report-including-covid-19-scam-statistics

Cybersecurity Awareness Poster

Click here for a cybersecurity awareness training poster that Intrada Technologies clients may print and post to meet cybersecurity insurance requirements.