As a business owner, you need to be aware of the threat of phishing scams. These scams often target individual consumers but can easily be adapted to target your business. The goal is typically to deceive or manipulate one of your employees into providing sensitive information.
In general, a phishing scam occurs when someone contacts a business—often by email, text message or another online method—attempting to “fish” for sensitive information. This could include passwords, account numbers, usernames, identification numbers – such as tax IDs or Social Security numbers – and more.
How could this occur?
For example, imagine someone in your payroll department receives an email claiming to be from a financial institution your company works with regularly. The email states that there has been a technical error on their end, and they need you to confirm your account number and password to resolve the issue.
Your employee, thinking the email is legitimate and worried that the “technical error” could harm the business, provides the requested information. In reality, the email didn’t come from the financial institution at all. The scammer who sent the phishing email now has your company’s login credentials and account details, allowing them to access the business’s funds and transfer them into their own account.
One of the reasons these scams are so problematic is that they exploit human users. While you may already have technical safeguards in place, such as password-protected accounts, these measures can be undermined if someone is tricked into giving up sensitive information.
If your business has been harmed by a phishing scam or targeted by other types of financial fraud, you need to understand the legal steps you can take to protect your company and pursue justice.