When internet fraudsters mimic a legitimate business to trick consumers into giving out their personal information, it’s called phishing. It’s not just a problem for consumers, but for the companies the scammers are impersonating too. The FTC has long provided advice to consumers about steps they can take to avoid phishing scams. But what should you do if customers contact your company upset that they responded to a phishing email from a scammer impersonating your legitimate business?
If consumers fall victim to phishing schemes that falsely invoke your company name, they may look to you for guidance on the next steps to take. Offering immediate advice and support can help you retain the customer goodwill you’ve worked so hard to develop.
How should you respond if your business is impersonated in a phishing scam?
- Notify consumers of the scam. If you are alerted to a phishing scam where fraudsters are impersonating your business, inform your customers as soon as possible. If your business has a social media presence, announce the scam on your social media sites and warn customers to ignore suspicious emails or texts purporting to be from your company. You can also inform your customers of the phishing scam by email or letter. The important point is to remind your customers that legitimate businesses like yours would never solicit sensitive personal information through insecure channels like email or text messages.
- Contact law enforcement. If you become aware of a phishing scam impersonating your business, report the scam to the FBI’s Internet Crime Complaint Center. Suggest that affected customers forward any phishing emails impersonating your business to the Anti Phishing Working Group, a public-private partnership against cybercrime. Consumers also can file a complaint with the FTC.
- Provide resources for affected consumers. If consumers believe they may be victims of identity theft because of the phishing scam impersonating your business, direct them to www.IdentityTheft.gov where they can report and recover from identity theft. For more information about recommended computer security practices, direct consumers to resources on the FTC’s consumer information site where they can learn how to protect themselves online and avoid phishing attacks.
- Use the episode as reminder to update your security practices. Data security isn’t just a one-and-done checklist. Threats are ever-evolving, so your defenses need to be nimble, too. For information on securing sensitive customer information, be a frequent flyer on the FTC’s data security portal. Follow case developments and read publications designed for companies of any size and sector, including Start with Security and the recently refreshed Protecting Personal Information: A Guide for Business. Pressed for time? Pledge two minutes a day to watch a video from the FTC’s resource library for businesses.