Phishing Scams: How To Protect Your Small Business From Cyber Thieves

Phishing scams are one of the top cyber crimes, and the most profitable. Large corporations such as Sony have been jeopardized, and these types of cyber crimes are being reported at a high rate. Phishing scams are just as dangerous to small business owners as they are to large corporations.

Over 300,000 complaints were filed in 2010 with the Internet Crime Complaint Center, a partnership between the National White Collar Crime Center and the FBI. These complaints came from small businesses and individuals wronged by online phishing scams and numerous other Internet-related crimes.

Understanding what phishing is will help you identify what makes your small business so appealing to cyber criminals.

What is phishing?

What does “phishing” mean? Phishing is the attempt to access private data, such as financial information, usernames, and passwords. This is done by creating false websites, graphics, email accounts, and phone numbers. The target is persuaded, by one method or another, to reveal data that may be used to steal their identity (social security numbers are a popular target). For small businesses, phishing scams may attempt to gain access to customer credit card information.

Examples of small business phishing scams

There are many models of small business phishing scams. For example, highly authentic-looking fake emails that claim to be from the IRS, and even include the IRS logo, have been sent to thousands of smaller businesses. These emails explain that the recipient must fill out tax forms or W-4 forms and return them by fax. Many business owners trust that this information was sent by the IRS and fear that they will be audited if they do not do what the email requested.

At its official website, the IRS states that it will not contact companies through email first. Use caution before clicking on a link in any email claiming to be from the IRS.

Your company email can be a target

Thieves can gain access to a business by targeting a particular individual and sending them deceitful emails that convey a professional, sincere image. Most of the time these emails will contain a computer virus or malware, which has the ability to infect a company’s entire network and give thieves access to confidential data.

Phone phishing

Beware that there are also “phone phishing” scams, in which someone claiming to be from a bank, for instance, might ask you to call and verify your account.

How to protect your business against phishing

The Anti-Phishing Working Group (APWG) offers wonderful advice on how to keep your small business from becoming a target of phishing. Here are several of their tips:

  • Make sure your employees are aware of what phishing scams are, and are cautious when reading and responding to suspicious emails.  Always err on the side of caution.  Instead of clicking a link, open another browser window and go to the official website.
  • Never give out company financial information, such as bank routing numbers, in response to an inquiry made via email.  Your bank does not need you to confirm your account information; they already have that. An email like that, even if it has your bank’s logo, is a fake. Make it a habit to check your accounts regularly for suspicious charges and withdrawals.
  • Make sure every computer used has up-to-date virus and malware protection.  Schedule regular full system scans.  Never download “anti-virus” software from an unknown entity. It’s better to stick with trusted brands.

The APWG keeps statistics on phishing scams and offers lots of advice on safeguarding your business. Phishing is almost impossible for law enforcement to stop. The best defense is to educate yourself and your employees on how to identify phishing scams and stay up to date on the latest information.