How to Protect Your Business from Phishing Scams

Phishing crimes are on the rise – here is what employers need to know

PhishingPhishing scams cost the United States half a billion dollars each year. From direct deposit scams to fraudulent PDF files, there has been a shocking rise in these email phishing scams. Indeed, Microsoft’s Security team reports that these malicious phishing emails have increased by a whopping 250 percent.

So, what do employers and employees need to know in order to protect themselves from these scams?

First, it’s crucial that you educate everyone on your team about phishing scams and how to make safer choices online.

“It’s important to understand that it is not enough to simply be aware and cautious when it comes to your own online behavior,” says Rob Wilson, President of Employco USA and human resources expert. “Your entire company can be negatively impacted across the board if just one employee gives up access to your Office 365 account or similar program. Once the phisher has that foothold, they have access to an entire wealth of information, and they can then use this position of power to gain access to more info and phish other people on your team.”

Second, talk to your human resources and payroll team about how they should never make changes to an employee’s direct deposit paycheck or other benefits without every appropriate form being submitted and verifying the person’s identity.

“Direct deposit scams are on the rise because it is so easy for a person to find the email addresses of H.R. personnel and other pertinent employee information,” says Wilson. “Then, the phisher can send an email asking for their paycheck to be deposited into a new account—and by the time the scam is discovered, the money is long gone.”

To this end, Wilson also suggests using caution when it comes to making your employees and their job positions too transparent on the company website, but especially on LinkedIn.

“Make sure your employees and managers understand that LinkedIn isn’t a ‘safe’ site just because it appears professional,” says Wilson. “Phishers can attack LinkedIn users the same way they can ‘catfish’ users of dating websites. It may be a website for professionals but that doesn’t mean that every email or message is safe to open or click through, especially if you have no clue who the individual is.”

For more on this topic, please contact Rob Wilson at rwilson@thewilsoncompanies.com.