Small Business Phishing Scam Alert: How to Protect Your Business from Internet Theft

As a Virginia small business owner myself, I have to be constantly on guard against a host of risks to my business: customers not paying, keeping up with bills, ensuring the quality of our services, and marketing for new business.

Like most small businesses, I do a lot of internet marketing for new business leads and to get our name out into the community. I used to think that I couldn’t afford a state-of-the-art protection system for my online presence. If you don’t have one, you have to rely on your computer system’s antivirus, anti-spam, and firewall programs, and on your staff not to make stupid blunders while using the internet.

What are you doing to protect your business from internet scams? Let me know your ideas, and here is a list of my Top 10 “DON’T DO’S” for my staff and me to remember while using the internet:

What sort of blunders could cost you money by simply using the internet? Here are our top 10 DON’T DO’s:

  1. Giving out your user names and passwords to anyone, even your staff. You should have a password protection and auto-fill system in place to prevent spyware from tracking your keystrokes and stealing your passwords. Once enabled, you set the passwords, and they are forever hidden from your staff and outsiders trying to pry into your secrets!
  2. Giving out links to your internal network locations. Every business needs antivirus systems and firewalls to prevent unauthorized access from outside your office into your computer system. And, NEVER store your passwords or user names on internal computer files, where the file can be hacked and stolen.
  3. Not having a firewall to prevent phishers from freely accessing your internal network.
  4. Failing to install offsite email spam filter systems. They are both cheap and effective!
  5. Clicking on links in emails or other websites “because they are there”. Never trust a link you don’t know, and never click a link from an unknown email sender. These links usually lead to keystroke recording software that will allow remote users to capture passwords and user IDs, as well as other sensitive data. Customer lists, sales records, you name it. The Chinese would love to know who your customers are and how much you sell them. Then, outbid you on the next competitive bid process, or just steal your customers overnight.
  6. Giving out your bank information to allow others to wire funds to your business. This is an invitation to unlawful withdrawals as well as deposits. Outsiders would love to know how much money you have on hand, and steal it by an untraceable wire from your bank to a Russian account where you can’t get the money back. This happens frequently, even in our local area.
  7. Not implementing a withdrawal approval system with your bank. Ask your bank to send your list of daily checks and withdrawal requests to you daily for review and approval before paying ANYTHING by EFT, ACH, or wire.
  8. Not checking your personal and business credit report regularly. Doing so prevents phantom accounts and balances from accumulating on your credit. You only get 60 days to contest unlawful charges under federal credit protection law. Better have a system in place to contest unlawful accounts and charges.
  9. Allowing others to goad you into visiting unknown or untrustworthy internet sites. Don’t know the site? Just say NO!
  10. Leaving computers on while not in the office. Anybody, from cleaning crews to burglars, can access your system and send or accept phishing messages and steal passwords and user IDs when the systems are left on while unattended in your office overnight or on weekends.

According to the FBI, the latest scam to hit small businesses who regularly use the internet involves the program known as “Citadel” malware. It is also used to bully consumers into thinking that the FBI itself is investigating their illicit online activity, and then for a small fine paid online, they will “let you go”. Here is the official FBI warning:

11/30/12—A new extortion technique is being deployed by cyber criminals using the Citadel malware platform to deliver Reveton ransomware. The latest version of the ransomware uses the name of the Internet Crime Complaint Center to frighten victims into sending money to the perpetrators. In addition to instilling a fear of prosecution, this version of the malware also claims that the user’s computer activity is being recorded using audio, video, and other devices.

As described in prior alerts on this malware, it lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States Federal Law. The message further declares that a law enforcement agency has determined that a computer using the victim’s IP address has accessed child pornography and other illegal content.

To unlock the computer, the user is instructed to pay a fine using prepaid money card services. The geographic location of the user’s PC determines what payment services are offered. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.

This is not a legitimate communication from the IC3, but rather is an attempt to extort money from the victim. If you have received this or something similar do not follow payment instruction.

It is suggested that you:

  • File a complaint at
  • Keep operating systems and legitimate antivirus and antispyware software updated; and
  • Contact a reputable computer expert to assist with removing the malware.

The FBI has a lot of good resources on how to protect your business from online scams and phishing schemes. Here is a list of the basic anti-theft and anti-scam protections that every business should have in place:

Below are some key steps to protecting your computer from intrusion:

– Keep Your Firewall Turned On: A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.

– Install or Update Your Antivirus Software: Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users’ knowledge. Most types of antivirus software can be set up to update automatically.

– Install or Update Your Antispyware Technology: Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code. It’s like buying groceries—shop where you trust.

– Keep Your Operating System Up to Date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.

– Be Careful What You Download: Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don’t know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code.

– Turn Off Your Computer: With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker’s connection—be it spyware or a botnet that employs your computer’s resources to reach out to other unwitting users.

Have you or your business been hit with fraudulent financial activity or scams? Too late to contest fraudulent banking or credit activity? Contact The Strong Law Firm today for a confidential analysis of your financial problems. From bankruptcy to credit protection and Credit Improvement programs, we offer fast solutions and concrete help to those hit by adverse financial events.