13 Tips from the FTC to Protect Against Phishing Attacks

In the second article of this series from the Federal Trade Commission, we’re holding a magnifying glass up to phishing and ransomware scams and bringing you 13 things to consider as you set up strategies to protect your business.

The Federal Trade Commission (FTC) is bringing you an informative series on various scams that can target and potentially devastate small businesses. In the first article of this series, we highlighted an unsophisticated, but highly lucrative, scam aimed at the business community: the sending of and billing for unordered merchandise. In this second installment from the staff of the FTC’s East Central Region, we focus on more sophisticated scams involving phishing and malware.

    Phishing is when a scammer uses fraudulent emails or texts, or copycat websites to get unsuspecting people to share valuable personal information—such as account numbers, Social Security numbers, or login IDs and passwords—which scammers can use to steal money, your identity or both. Phishing scammers lure their targets into a false sense of security by spoofing the familiar, trusted logos of established, legitimate companies, or they may pretend to be a colleague or a familiar vendor. 

    Scammers also use phishing emails to get access to your computer or network to install malware. Malware includes viruses, spyware and other unwanted software that gets installed on your computer or mobile device without your consent. These programs can cause your device to crash and can be used to monitor and control online activity. They also can make your computer vulnerable to viruses and deliver unwanted or inappropriate ads. A lucrative form of malware for scammers is called ransomware, a program that can lock you out of important files on your computer.

    To reduce the risk of falling for a phishing attempt or downloading malware, you should train every employee or contractor who has access to your network—including yourself. Here are 13 things to keep in mind as you establish strategies to protect your business:

    Tip No. 1: Think twice before clicking on links or downloading attachments and apps. Even emails from your friend or colleague could be dangerous. Files and links can contain malware that can weaken your computer’s security. You also can get malware from visiting a compromised site or through malicious online ads.

    Tip No. 2: Do your own typing. If a company or organization you know sends you a link or phone number, don’t click. Use your favorite search engine to look up the website or phone number yourself. Even though a link or phone number in an email may look like the real deal, scammers can hide the true destination.   

    Tip No. 3: Make the call if you’re not sure. Do not respond to any emails that request personal or financial information. Phishers use pressure tactics and prey on fear. If a colleague or a vendor asks for personal or financial information, pick up the phone and call them yourself using the number in your address book or on their website, not the one in the email.

    Tip No. 4: Turn on two-factor authentication. For accounts that support it, two-factor authentication requires both a password and an additional piece of information to log in to an account. The second piece could be a code sent to a mobile device, or a random number generated by an app or a token. This protects an account even if the password is compromised.

    Tip No. 5: Back up files to external hard drives or cloud storage. Back up company files regularly to protect against viruses or a ransomware attack. Remember to log out of the cloud and unplug external hard drives so hackers can’t encrypt and lock your back-ups, too.

    Tip No. 6: Get well-known software directly from the source. Sites that offer lots of different browsers, PDF readers and other popular software for free are more likely to include malware.

    Tip No. 7: Read each screen when installing new software. If you don’t recognize a program, or are prompted to install additional “bundled” software, decline the additional program or exit the installation process.

    Tip No. 8: Install and update security software and use a firewall. Use security software you trust, and set operating systems, web browsers and security software to update automatically.

    Tip No. 9: Don’t change your browser’s security settings. You can minimize “drive-by” or bundled downloads, which are more likely to have malware, if you keep your browser’s default security settings.

    Tip No. 10: Pay attention to your browser’s security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file.

    Tip No. 11: Don’t click on pop-ups or banner ads about your computer’s performance. Scammers insert unwanted software into banner ads that look legitimate, especially ads about your computer’s health. Avoid clicking on these ads if you don’t know the source.

    Tip No. 12: Scan USBs and other external devices before using them. These devices can be infected with malware, especially if you use them in high traffic places, like public computers.

    Tip No. 13: Talk about safe computing. Educate your colleagues that some online actions can put the company’s computers at risk: clicking on pop-ups, downloading “free” games or programs, opening chain emails or posting personal information.

    How do I know if company computers are infected with malware? 

    Monitor computers for unusual behavior. A computer might be infected with malware if it:

    • slows down, crashes or displays repeated error messages;
    • won't shut down or restart;
    • serves a barrage of pop-ups;
    • serves inappropriate ads or ads that interfere with page content;
    • won’t let you remove unwanted software;
    • injects ads in places you typically wouldn’t see them, such as government websites;
    • displays web pages you didn’t intend to visit; or
    • sends emails you didn't write. 

    Other warning signs of malware include:

    • new and unexpected toolbars or icons in your browser or on your desktop;
    • unexpected changes in your browser, like using a new default search engine or displaying new tabs you didn’t open;
    • a sudden or repeated change in your computer’s internet home page; or
    • a laptop battery that drains more quickly than it should.

    What if I think I’m a victim?

    If you suspect there is malware on your computer, there are many companies that offer tech support. Online search results might not be the best way to find help, however. Tech support scammers pay to boost their ranking in search results so their websites and phone numbers appear above those of legitimate companies. If you want tech support, look for a company’s contact information on their software package or on the purchase agreement.

    What if I know I am a victim?

    If you are a victim of ransomware, where hackers take over your computer and demand a sum of money to give you back control, you can contain the attack by disconnecting the infected devices from your network to keep ransomware from spreading. If you’ve backed up your files, and removed any malware, you may be able to restore your computers. You should also contact law enforcement by reporting ransomware attacks to the Internet Crime Complaint Center or an FBI field office.

    Should I pay the ransom?

    Companies often ask if they should pay the ransom. Law enforcement doesn’t recommend paying the ransom, although it’s up to you to determine whether the risks and costs of paying are worth the possibility of getting your company’s files back. If you pay the ransom, there’s no guarantee you’ll get the files back. In fact, agreeing to pay signals to criminals that the company hasn’t backed up its files. Knowing this, they may increase the ransom price—and may delete or deny access to your files anyway. Even if you do get the company’s files back, they may be corrupted. And your company might be a target for other scams.

    The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. You can file a complaint online at www.ftc.gov/complaint or by telephone at 1-877-FTC-HELP (1-877-382-4357). Forward phishing emails to spam@uce.gov and to the organization impersonated in the email.


  • Don't Take the Risk of Fraud Lightly: 17 Steps to Protect Your Business

    While completely eliminating incidences of payment fraud may be impossible, there are definitely steps you can take to minimize the risk of exposure. By taking daily precautions, you can make it that much harder for fraudsters to perpetrate their schemes.

    Some basic tips for avoiding fraud:

    • Adhere strictly to your company’s security policies; they are there for a reason.
    • Always use strong passwords to thwart attempts to hack your accounts.
    • Never share your passwords or let someone else log-in to your computer.
    • Enroll in your bank’s security alerts, notifying you if there’s suspicious account activity.
    • No financial institution, including Fifth Third Bank, should ever send you an email asking you to verify or supply personal information.
    • Never send personal information via e-mail unless it is to a trusted source and you use some type of encryption.
    • Never open unsolicited e-mails from unknown e-mail addresses. Set your spam filter on high to block suspicious communications.
    • Exercise reasonable care when downloading software and opening email attachments. Never download or open an e-mail attachment from an unknown email address.
    • Install a firewall and both anti-virus and anti-spyware software. Keep your virus definitions and browser and security software current.
    • Don’t write your PIN number on your credit card.
    • Make sure your mobile phone number and other contact information are registered with your card issuer so they can verify transactions.
    • Don’t let your commercial card out of your sight when making a transaction.
    • When entering a PIN into a card-reader or ATM, use your free hand or body to shield the number from prying eyes.
    • Always review receipts after using your corporate credit card and report any suspicious charges.
    • Be sure to keep the card issuer’s phone number in your mobile phone’s contact list in case your card is lost or stolen.
    • If shopping on the Internet, use only secure, trusted sites.
    • Where available, take advantage of Europay Mastercard Visa (EMV) credit/debit cards with embedded microchips which dramatically reduce point-of-sale (POS) fraud.

    Beyond these proactive steps, businesses should also take advantage of protective tools offered by their bank, such as malware detection software and authentication for more secure logins. Follow these tips to help protect your business from the growing threats of fraud.


    Fifth Third and Fifth Third Bank are registered trademarks of Fifth Third Bancorp. Deposit and credit products provided by Fifth Third Bank. Member FDIC.


  • 17 Things You Didn't Know About Energy Usage and Project Funding

    Commercial buildings represent more than 40% of all the energy consumed in the U.S., so there’s obviously a lot of room for energy savings. Read on to learn more about energy consumption and how you can get the financing you need to complete energy efficiency projects.

    It’s no big secret to business owners that energy costs are one of the biggest expenses their business faces. In fact, commercial buildings represent 43% of all of the energy consumed by buildings in the United States, yet are still just a tiny fraction of the energy efficiency market, according to the International Energy Agency.

    It’s clear how becoming more energy efficient should be a priority for business owners. Earlier this month, the COSE/GCP Energy Team hosted a workshop on financing solutions that make energy projects feasible and help businesses become more energy efficient, thus improving their bottom line.

    Listed below are the 17 things you need to know about how companies are using (or misusing) energy and how they can obtain financing to make their energy consumption more efficient.

    1. Barriers to investment. According to a 2016 International Facilities Management Association study of sub-100,000-square-foot buildings, owners listed financial capacity and technical expertise as continuing barriers to investment in energy efficiency and clean energy upgrades.

    2. No budget. More than three out of four owners (76%) have no specific energy budget.

    3. Limited third-party options. A total of 87% of owners have limited access to third-party financing options, largely because they do not know that such financing exists.

    4. No contract. Almost nine out of 10 owners (88%) have no energy services agreement or contract.

    A solution

    C-PACE financing could be a solution for the business owners listed above. What is C-PACE and how can it help?

    5. What is C-PACE? C-PACE is a government financing policy that classifies energy-saving upgrades as a public benefit, such as a sewer, road extension, etc.

    6. How can C-PACE help? With C-PACE, private lenders provide capital to build qualifying projects and they are repaid through the property tax bill over the life of the equipment (often 20 or more years). This makes most projects cash flow positive from day one.

    7. What qualifies? Most energy efficiency and water projects qualify.

    How PACE financing can help

    So, what are the benefits of C-PACE financing for pre-existing buildings?

    8. Attractive terms. It provides long-term financing with fixed rates of up to 20-year terms.

    9. Attractive cost. The cost of capital is low.

    10. All-in financing. This is 100% financing. No capital outlay is required from the property owner (hard or soft costs).

    11. NOI positive projects. With no capital outlay and a long financing term, projects generally cash flow and generate net operating income beginning on day one.

    12. Non-recourse financing. The financing is non-recourse, with no corporate or personal guarantees required.

    13. Non-accelerating financing. The financing is non-accelerating, even in the event of the sale of the property.

    14. It’s not debt. It does not consume credit capacity because it’s not considered debt.

    15. Flexible structure. It can be structured to pass through costs with tenants for NNN leases.

    16. Fast underwriting. Fast-tracked underwriting can lead to a quick close.

    Contact the COSE/GCP Energy Team today

    17. Contact us today. And what’s the 17th takeaway on all this? It’s to contact the COSE/GCP Energy Team at energy@gcpartnership.com and let the Team evaluate your project, prescreen your business for C-PACE and connect you with the capital and resources you need to start saving on your energy expenses.

  • 2010 CIO Symposium Google Apps and Cloud Computing Breakout Session

    When Google announced its free “Gmail” service on April 1, 2004, many initially thought it was to be a cute April Fool’s joke. Over six years and more than a dozen free or nearly free applications later, Google apps and other cloud-based options have moved from nice consumer toys to serious enterprise tools. For many CIOs, the question has changed from “Can cloud-based applications like this be taken seriously?” to “Will I be taken seriously if I don’t strongly consider Google Apps for my organization?” Join us for a discussion of IT leaders who swear by them, swear at them, and ponder the future of Google apps and other cloud applications in the enterprise. 

    Panelists included: Matt Hallock, Expedient; Stephen Hujarski, ASW Global; Michael Kimmel, Cleveland Institute of Art 

  • 2010 CIO Symposium Keynote Address by Anuj Dhanda of PNC

    Keynote Presenter: Anuj Dhanda, CIO - PNC 

    The CIO Symposium strives to bring thought-provoking and engaging keynote presenters to our conference. This year is no exception as Anuj Dhanda, CIO of PNC, will present our afternoon keynote. As the 12th largest bank in the country, PNC's IT needs are varied and critical. Mr. Dhanda will share information on the company's IT strategy and offer insight into some of the merger issues with the company's acquisition of National City Corporation. 

  • 2010 CIO Symposium Open Source 3.0 Breakout Session

    The merits of open source are not limited to lower initial cost to implement, and many of the initial concerns of the enterprise (security issues, lack of support, revision issue) have largely been confronted. As we move deeper into the second decade of open source software, we’ll explore new challenges, new opportunities and new examples of “free” software that continually requires re-examination. Panelists from Abercrombie&Fitch, IdeaEngine and Revol Wireless shared their expertise.
