Skip to main content

When internet fraudsters mimic a legitimate business to trick consumers into giving out their personal information, it’s called phishing. It’s not just a problem for consumers, but for the companies the scammers are impersonating too. The FTC has long provided advice to consumers about steps they can take to avoid phishing scams. But what should you do if customers contact your company upset that they responded to a phishing email from a scammer impersonating your legitimate business?


If consumers fall victim to phishing schemes that falsely invoke your company name, they may look to you for guidance on the next steps to take. Offering immediate advice and support can help you retain the customer goodwill you’ve worked so hard to develop.

How should you respond if your business is impersonated in a phishing scam?

  • Notify consumers of the scam.  If you are alerted to a phishing scam where fraudsters are impersonating your business, inform your customers as soon as possible. If your business has a social media presence, announce the scam on your social media sites and warn customers to ignore suspicious emails or texts purporting to be from your company. You can also inform your customers of the phishing scam by email or letter. The important point is to remind your customers that legitimate businesses like yours would never solicit sensitive personal information through insecure channels like email or text messages.
  • Contact law enforcement.  If you become aware of a phishing scam impersonating your business, report the scam to the FBI’s Internet Crime Complaint Center. Suggest that affected customers forward any phishing emails impersonating your business to the Anti Phishing Working Group, a public-private partnership against cybercrime. Consumers also can file a complaint with the FTC.
  • Provide resources for affected consumers.  If consumers believe they may be victims of identity theft because of the phishing scam impersonating your business, direct them to www.IdentityTheft.gov where they can report and recover from identity theft.  For more information about recommended computer security practices, direct consumers to resources on the FTC’s consumer information site where they can learn how to protect themselves online and avoid phishing attacks.
  • Use the episode as reminder to update your security practices.  Data security isn’t just a one-and-done checklist. Threats are ever-evolving, so your defenses need to be nimble, too. For information on securing sensitive customer information, be a frequent flyer on the FTC’s data security portal. Follow case developments and read publications designed for companies of any size and sector, including Start with Security and the recently refreshed Protecting Personal Information: A Guide for Business. Pressed for time? Pledge two minutes a day to watch a video from the FTC’s resource library for businesses.

Tags:

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

WASKEY
March 06, 2017
I don't like scams knocking up my cash saying I won a grant of 5,000 bucks trick me of paying 250 bucks to wire it to my account. So I called the special network with FBI to catch those criminal people here in the US and China.
Michael Allen …
December 19, 2017
Yes I As well Got the IRS scam call told me i owed $2000 in back taxes from 2005-2010 i new right away it was bs he said if i did not pay i would be arrested , so i said SEND ME THE DOCUMENTS AND I WILL CHECK IT OUT HE SAID NO,,, SO i keep playing him me (acting like i was in fear for if i not payed ) me just said ,,,the middle finger and told him to F off its people scammers like that that make it hard for the IRS< me no fan< neverthelesss i contacted the IRS and told them the # from the fake IRS caller anyways I Know there are Lots of really good Women and Men in USA gov yet its Hard on them and there familey With A Greatful Heart me Michael Says thanks to YOU ALL Be Well Rest Well as Men Love your Wife and Familey WithAllLovingKindNess Michael
Lisa George
November 23, 2018
I just got a call. Caller ID said Fannie Mae and they wanted to talk to me about WINDOWS program
Richard Carlson
September 15, 2021

In reply to by Lisa George

I’ve been getting a calls from “Aetna” according to caller ID, wanting verification of my personal info. Calls now once or twice a week! A call to Aetna reveals the company knows nothing of such calls. Scammers also give a return call number...which, when tried, doesn’t exist.

More from the Business Blog

Get Business Blog updates

 
Return to top