Small businesses are the engine of the American economy. Whether you own a bakery, an accounting firm, a local repair shop, or something else, you want to protect what you’ve built. Sometimes that means protecting it from scammers who try to use your company’s good name.
Here’s how it might happen: a scammer sets up an email address that looks like it’s from your company and sends an email to your customers. The scammer might say there’s a problem with the customer’s account or make up some other problem. What’s the scammer’s goal? To get your customers to give them passwords and bank account numbers, or to get someone to send them money.
Here’s how to stop a business impersonation scam before it starts:
Use email authentication. Make sure the email provider you use for your business offers email authentication technology. That way, when you send an email from your company’s server, the receiving servers can confirm that the email is really from you. If it’s not, the receiving servers may block it.
Keep your network security up to date. Always install the latest patches and updates. Set them to update automatically on your network. Look for additional means of protection, like intrusion prevention software, which checks your network for suspicious activity and sends you alerts if it finds any.
Train your staff. Teach them how to avoid phishing scams and show them some of the common ways attackers can infect computers and devices with malware. Include tips for spotting and protecting against cyber threats in your regular employee trainings and communications.
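To check the email authentication step above, you can review what your domain publishes for receiving servers. The sketch below is an added example, not part of the original article: it assumes the authentication in question is SPF and DMARC (standards the article does not name), and it audits constructed DNS TXT records for the placeholder domain example.com.

```python
# Added example. Every record below is a constructed sample, not real DNS data.

def parse_tags(record):
    """Split a DMARC record such as 'v=DMARC1; p=reject' into a tag dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def audit_spf(txt_records):
    """Findings for the SPF record among the TXT records of the domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record: receivers cannot tell which servers send your mail"]
    if len(spf) > 1:
        return ["multiple SPF records: receivers treat this as an error"]
    terms = spf[0].lower().split()[1:]
    # Simplification: a record that delegates with redirect= is not followed here.
    all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if all_term is None:
        return ["SPF has no 'all' term: unlisted servers get a neutral result"]
    if all_term in ("all", "+all", "?all"):
        return ["SPF ends in %s: unlisted servers are not marked as failing" % all_term]
    return []  # ~all (softfail) or -all (fail)

def audit_dmarc(txt_records):
    """Findings for the DMARC record among the TXT records of _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not dmarc:
        return ["no DMARC record: receivers get no instruction for failing mail"]
    tags, findings = parse_tags(dmarc[0]), []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("DMARC p=%s: receivers are not asked to block failing mail" % (policy or "missing"))
    if "rua" not in tags:
        findings.append("DMARC has no rua address: you receive no aggregate reports")
    return findings

SAMPLES = {  # constructed records for the placeholder domain example.com
    "weak": (["v=spf1 include:_spf.mailhost.example ?all"], ["v=DMARC1; p=none"]),
    "strict": (["v=spf1 include:_spf.mailhost.example -all"],
               ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]),
}

def audit(name):
    spf_records, dmarc_records = SAMPLES[name]
    return audit_spf(spf_records) + audit_dmarc(dmarc_records)

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, audit(name) or "no findings")
```

To audit your own domain, replace the sample lists with the TXT records your DNS host shows for the domain and for its `_dmarc` subdomain.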
If someone spoofs your email, report the scam to local law enforcement, the FTC at ReportFraud.ftc.gov, and the FBI’s Internet Crime Complaint Center at IC3.gov. You can also forward phishing emails to reportphishing@apwg.org (an address used by the Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions, and law enforcement agencies).
And if you find out scammers are impersonating your business, warn your customers as soon as possible — by mail, email, or social media. If you’re emailing the warning to your customers, send an email without hyperlinks. (You don’t want your notification email to look like a phishing scam.) Remind customers not to share any personal information through email or text. If your customers’ data was stolen, direct them to IdentityTheft.gov to get a recovery plan.
Learn more about protecting your businesses at Cybersecurity for Small Business.