Business
What Businesses Should Know About Phishing Scams
August 14, 2024
Phishing is a scam that targets businesses and consumers via email or text by pretending to be from a well-known source. These scammers try to pretend they are an online banking provider, your financial institution, the IRS, or a popular online retailer, to name a few examples. Direct financial loss from successful phishing attacks has been increasing in recent years, so it is important to be aware.
Things to look out for in messages:
- Links and attachments in messages you were not expecting to receive
- They’ve noticed suspicious activity or log in attempts and tell you to click on a link
- Your payment is late, and they direct you to click on a link
- They provide you with a new invoice with new payment instructions
- Claim you are eligible for a refund
- They ask you to verify personal information
- Click on the message address to see the true sender
- Misspelled words or improper grammar usage
Let’s see an example:
This is a fraudulent email message which tries to trick you into clicking the link, this time by claiming that there is an issue on your account.
How do you stay safe? Do NOT click the link.
Businesses can take several measures to avoid falling for phishing scams:
- Businesses should conduct regular employee training to educate their team on how to recognize phishing emails, including checking sender addresses, scrutinizing links before clicking, and being cautious about sharing sensitive information
- Implementing email authentication protocols like SPF, DKIM, and DMARC can also help in filtering out fraudulent emails
- Utilizing spam filters and security software can provide an additional layer of protection
- Encourage a culture of questioning changes and adhering to verification processes, employees should be encouraged to double-check suspicious requests. Verifying information via other means of communication, can also be beneficial
- Implement multi-factor authentication to add an extra barrier against unauthorized access
- If you are ever in doubt, sign on to your provider’s website (not via the sent link) and look to see if you have messages, or reach out to the provider and verbally verify it was a legitimate email or text message (not via number provided in the email)
Regularly updating and patching systems and software so it can deal with new threats
If you are unsure about an email or text that appears to be from Suncoast or another financial institution, it is best to check with the organization directly through their public contact information.
Treasury Management: Fraud Protection Tools
Suncoast’s Treasury Management solutions provide robust fraud protection tools, empowering commercial businesses to safeguard against internal, external, and cyber fraud threats.
Here are a few additional points to keep in mind:
- Suncoast will never ask for your complete account number, PIN, CVV code, or full social security number in a text or email
If you aren’t sure if a text or email is legitimate, do not engage with it and reach out to us directly through our usual channels
If you have been a target or are concerned you may have been a victim of a scam, please send an email to: abuse@suncoastcreditunion.com
Category
Business
Tags