Most consumers are clued in to phishing attempts sent to their personal email accounts. We learned to disregard messages that say they’re from our bank or credit card company that ask us for personal information or tell us to click on a link.
“Phishing” is an attempt to acquire personal information such as your name, your social security number, your bank account information or other personal identifying information by sending an email falsely claiming to be a legitimate entity in an attempt to scam you into surrendering private information. Phishing has expanded to include “Vishing”- voice over IP (VOIP) and “Smishing”- short message service- text message phishing attempts over your cell phone.
“These days con artists have new ‘phish’ to fry. Often using publicly available information about small businesses – including non-profits and government offices – they craft messages tailor-made to sound legit,” said Attorney General Kilmartin. “But, when a business recipient clicks on a link in what appears to be a familiar sender, fraudsters install malicious software that ransacks computer files in search of corporate account information. Once the account is compromised, the crooks can issue counterfeit checks, wire money to partners in crime, and drain a company’s assets.”
What can businesses do to protect themselves from this form of fraud?
1) Educate your employees. The oldie-but-goody advice still applies: Don’t respond to messages at the office that ask for sensitive information. And don’t open attachments or click on links in unsolicited email.
2) Enhance the security of your computer and networks. Limit the number of computers that are used for online banking and payments. A workstation authorized for that purpose shouldn’t be used for general web browsing or emailing. Install routers and firewalls to prevent unauthorized access. Keep your anti-virus and anti-spyware software up to date. Talk to your IT staff to make sure your default settings give you as much security as possible.
3) Enhance the security of your corporate banking practices. Talk to your financial institution about services that can help protect your company from altered or counterfeit checks or unauthorized ACH transactions.
4) Set up systems to detect fraud at the earliest stage. Monitor and reconcile your accounts at least once a day. Talk to your financial institution about identifying activity that looks out of the ordinary for your company. Investigate sluggish networks, unexpected rebooting, a new homepage, unfamiliar toolbars, or unusual pop-ups.
5) Move fast if you detect suspicious activity. Disconnect the computer from your network, including wireless connections. Contact your financial institution immediately to disable online access. Review all recent transactions and electronic authorizations on the account. Make sure no one’s added new payees, requested a change to your address or phone number, changed existing wire or ACH template profiles, changed PIN numbers or ordered new cards or checks.
Attorney General Kilmartin also reminds small businesses to correctly and safely dispose of all documents that may contain private information about the business, employees, or clients. “Shredding is the best way to ensure identity thieves don’t ransack your trash to ruin the lives of your employees and customers.”
As part of National Consumer Protection Week, Attorney General Kilmartin is partnering with Doc Shredding to hold “Shred-a-Thons” across the state. All consumers are invited to drop off up to two “banker boxes” worth of documents for shredding. Shredding events are being held at:
Thursday, March 10, 10:00 a.m. – 1:00 p.m. Middletown Police Station 123 Valley Road Middletown
Friday, March 11, 10:00 a.m. – 1:00 p.m. Stedman Government Center 4808 Tower Hill Road Wakefield
Saturday, March 12, 10:00 a.m. – 1:00 p.m. Office of the Attorney General 150 South Main Street Providence
About the Office of the Attorney General Consumer Protection Unit The Office of the Attorney General Consumer Protection Unit investigates and mediates consumer complaints concerning unfair and unlawful business practices and misleading advertising arising out of alleged violations of the Deceptive Trade Practices Act. If groups of people are victimized by a deceptive trade practice, this office may file in the Superior Court a civil investigative demand, which is a formal investigation. In appropriate cases, a lawsuit to stop the illegal business practice may be initiated.
Apart from carrying out its statutory responsibilities, the Unit also provides information and referral services to the general public. Consumers are directed to the appropriate governmental or private agencies for help in answering specialized questions or resolving disputes, that are not within the Unit's jurisdiction.
The Consumer Protection Unit cannot represent small businesses in fraud cases. A security breach may cost a business attorney’s fees as top of any other monetary loss if a business seeks recoup losses through legal means.
The Consumer Protection Unit is available to speak to community groups on how to prevent being a victim of identity theft and other scams. If you believe you are a victim of consumer fraud, please contact the Consumer Protection Unit by calling 401-274-4400 or email at contactus@riag.ri.gov.
For daily consumer news and events, to download consumer fraud complaint form, or for more information, please visit www.riag.ri.gov.