Keeping Your Business and Customers Safe Online

October 2, 2023

There are many things to remember when it comes to the internet. The most important would be "If it seems too good to be true, it probably is." People have been scamming others since the beginning of time. While the internet and new technology have been a good thing for the world, it's never been easier to scam others. 21st-century con artists have a wide variety of tools they can use to pull off their crimes without ever leaving their house. Hackers and scam artists can wreak havoc on large and small businesses.

Fortunately, scams are easy to avoid if you know what to look for. Read on for some tips about how to recognize and avoid internet cons.

Common Sense Wins

Scams come in all shapes and sizes, so you'll need to be on the lookout. Here are some common types of scams you might encounter online. This is by no means a complete list, but it should get you started.


Phishing

Phishing is a very common type of online scam in which the scammer tricks another person into giving away their personal details online. Once scammers have the information they need, they can do their damage. "Classic" phishing is done by email, but it can also be done through other methods, such as phone, text messages, and social media.

To win the victim's trust, scammers pose as a legitimate entity. This can include a bank, credit card company, university, PayPal, or even the IRS. Usually, scammers will send a message with a sense of urgency. They will get your blood pumping by telling you to act as soon as possible. This is often paired with a threat, such as your account being locked or deleted. They will urge you to click a link to avoid the "threat." This link usually leads to a fake website where you will be told to enter personal information or account details.

These fake messages can be hard to tell apart from real ones at first glance. Scammers will do everything to make the email and website look real. They will design their emails to look exactly like an official email. Their fake sites are carefully crafted to look like the real thing. In many cases, the email and fake site will look almost exactly like the one they're imitating. Here are some of the methods they use to disguise their emails and websites:

  • Changing the link text in the email to hide where they're actually taking you.
  • Using email addresses that look like the "real" ones with minor changes. (E.g., [something]@mazon.com instead of @amazon.com)
  • "Spoofing" the email address. This is a way of altering the "from" box so that the email looks like it came from a different address than it actually did. If the scammers are running the con by phone, they can spoof caller ID as well.
  • Using domain names that are misspelled or have minor changes from the "real" website (E.g., "paypaI" with an uppercase "I" - as in "I am" - instead of a lowercase "L."). This is called typosquatting.
  • Using URL shorteners like Bitly to hide link locations.
  • Using misleading subdomains to hide the fakeness of the site they're sending you to. A subdomain is simply a sub-section of a domain name. For example, in https://en.wikipedia.org, "en" is the subdomain. Speaking of Wikipedia, it gives a good example of a fake site with a misleading subdomain.

Phishing is one of the oldest tricks on the internet. Unfortunately, people still fall for it today. When using email, stay on the lookout for these tricks. For more information on phishing, read this flyer from National Cybersecurity Safety Month.


Job Scams

Looking for new employees online has grown dramatically over time. It's hard to imagine a search for new hires without Monster, Indeed, and other job boards. People may be leery of giving too much information in an online application.

In a job scam, the scammer poses as an employer. They will post fake job ads on job board sites or spread the scam via email and social media. Some scammers even set up entire fake job boards or employer sites. These scams often appear as a "work from home opportunity" or offer a huge return for small efforts. If you are posting a job for an on-location position, discuss the possibility of flex time or working from home options once you interview the potential hire.

Here are a few more red flags that may cause a potential hire to be cautious:

  • The "employer" wants to hire you on the spot. Don't you normally want to interview the person first?
  • Offering a job or interview to which they didn't apply. LinkedIn may be the exception to this item, as they make suggestions of "soft-leads" based upon profile keywords.
  • The job posting, email, etc. is full of errors. Whatever you post on the internet should be a positive representation of your company.
  • The potential hire is required to pay money to start working there. Legitimate employers may charge for a background check, but 99.9% of the time, all costs are covered by the company.

When you post openings on job boards, be sure that they look official and professional. If your postings look "sketchy," it's unlikely for job seekers to trust them.

Keeping Customer Information Secure

In these days of e-commerce, you must be diligent in the security your company uses to accept payment and retain customer information. Large companies like Target, Bank of America, Yahoo, and Equifax have all succumbed to data breaches that cost millions of dollars to remediate.

Here are some tips to keep your client data secure:

  1. Annually audit your security protocol.
  2. Encrypt any emails that include financial information.
  3. Install locks on file cabinets, and passwords on computers.
  4. Secure your Wi-Fi network with strong passwords. Keep a separate guest network.
  5. Maintain internet security software.
  6. Keep regular backups, physically and in the cloud.
  7. Limit client data access to company devices.
  8. Monitor the business credit bureaus.

If you don't have a budget for full-time Information Technology (IT) employees, consider having an on-call IT service to help with any issues that may arise from an employee accidentally clicking where they shouldn't. Read this flyer for more tips on keeping information secure in the workplace.

Accepting Credit Cards

Accepting credit cards in a store is different than accepting them online or by phone.

In-person transactions may require a point-of-sale machine or a scanner for your smartphone. Be aware of the costs associated and the current regulations regarding these tools. You can look to companies like Square, Stripe or BitPay. Check with your bank to see if they offer a credit processing option. Or create a business PayPal account if you don't accept credit card payments often but want to offer it to your customers as an option.

General Tips to Avoid Scams

Because there are so many types of scams, dealing with them is another subject altogether. Avoiding each type requires a different set of behaviors. Because of this, discussing all of them would be beyond the scope of this article.

However, there are a few tips that apply to all scams, no matter what. Here are some general tips for protecting yourself and your customers:

  • Don't trust an email just because it looks real. If an email seems fishy, it helps to do some Googling first to make sure it isn't fake.
  • Don't click links in an email. Instead, log into the real website directly or contact the organization. The only exception is if you're verifying your account on a site you just signed up for.
  • Be wary of short URLs. Many legitimate companies use these on social media, especially ones with character limits. However, social media is a popular tool for scammers. If you have to click on a short URL, it helps to run it through a URL expander first. This way, you know exactly where the link goes.
  • If you're suspicious about a site, check the entire domain name instead of just the beginning. It's helpful to take a look at Wikipedia's list of top-level domains. That's because domain names always end with a top-level domain such as ".com, .org, .net, .gov, or .edu." Remember that it must end with one of these. There's nothing stopping scammers from using "com" as a subdomain.
  • The IRS will never email you or call you. If you get an email claiming to be from the IRS, ignore and delete it.
  • Microsoft will not call you to tell you there is a problem with your computer.
  • It's unheard of for actual businesses to ask for customers' Social Security numbers. If an email or website asks for yours, that's a huge red flag.
  • Don't trust emails or other messages asking you to wire money or send personal information. Check Snopes.com.
  • Don't trust any online message saying you've won a contest or a giveaway you didn't enter.
  • Last but not least, trust your gut. If something "just doesn't feel right," that may be a sign it's not.
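
For readers who screen mail for a team, the link tricks listed under Phishing and the tip above about checking the entire domain name can be turned into an automated check. The Python below is an added example, not part of the original article; the trusted-domain list, the sample links, and the function names are assumptions made for illustration, and the links are assumed to have already been extracted from the message.

```python
from urllib.parse import urlsplit

TRUSTED = {"paypal.com", "amazon.com"}  # assumption: the sites you really use
SHORTENERS = {"bit.ly"}                 # Bitly, the shortener named in the article

# Constructed sample: (link target, visible link text) pairs pulled from an email.
SAMPLE_LINKS = [
    ("http://paypal.com.account-check.example.net/login", "https://www.paypal.com/signin"),
    ("https://www.paypai.com/", "Verify your account"),
    ("https://bit.ly/EXAMPLE", "Claim your prize"),
    ("https://www.paypal.com/help", "paypal.com/help"),
]

def registrable(host):
    # Simplified: keep the last two labels. Real tools use the Public Suffix List.
    return ".".join(host.lower().strip(".").split(".")[-2:])

def edit_distance(a, b):
    row = list(range(len(b) + 1))       # Levenshtein distance, one row at a time
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def shown_host(text):
    # Treat the visible link text as a URL only when it looks like one.
    if " " in text or "." not in text.strip("."):
        return ""
    return urlsplit(text if "//" in text else "//" + text).hostname or ""

def check_link(href, text):
    host = urlsplit(href).hostname or ""
    reg, shown, flags = registrable(host), shown_host(text), []
    if reg in SHORTENERS:
        flags.append("shortener")               # real destination is hidden
    if shown and registrable(shown) != reg:
        flags.append("text-mismatch")           # link text names a different site
    for good in sorted(TRUSTED) if reg not in TRUSTED else ():
        if good.split(".")[0] in host.split("."):
            flags.append("brand-in-subdomain:" + good)
        elif edit_distance(reg, good) == 1:
            flags.append("lookalike:" + good)   # one letter swapped, added or dropped
    return flags

def scan(links):
    return [(href, check_link(href, text)) for href, text in links]
```

Calling `scan(SAMPLE_LINKS)` flags the first three links and leaves the genuine one unflagged.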

Identity Theft

If you fall for a scam, you might be at risk of identity theft. For more information on what identity theft is and how to deal with it, check out our identity theft article.


For more tips on how to be secure online, read this flyer.


Sources


https://www.accountingtoday.com/opinion/7-tips-for-keeping-client-data-secure
