If a consumer falls victim to a phishing scam that falsely involves your company’s name, they may look to you for guidance on the next steps to take. Offering immediate advice and support can help you retain the client’s goodwill you have worked so hard to gain, develop, and retain.
How should you respond if your business is impersonated in a phishing scam?
- Notify consumers of the scam. If you are alerted to a phishing scam where fraudsters are impersonating your business, inform your clients as soon as possible. If your business has a social media presence, announce the scam on your social media sites and warn clients to ignore suspicious emails or texts purporting to be from your company. You can also inform your clients of the phishing scam by email or letter. The important point is to remind your clients that legitimate businesses like yours would never solicit sensitive, personal information through insecure channels like email or text messages.
- Contact law enforcement. If you become aware of a phishing scam impersonating your business, report the scam to the FBI’s Internet Crime Complaint Center. Suggest that affected clients forward any phishing emails impersonating your business to the Anti Phishing Working Group , a public-private partnership against cybercrime. Consumers also can file a complaint with the FTC.
- Provide resources for affected consumers. If consumers believe they may be victims of identity theft because of the phishing scam impersonating your business, direct them to IdentityTheft.gov where they can report and recover from identity theft. For more information about recommended computer security practices, direct consumers to resources on the FTC’s consumer information site where they can learn how to protect themselves online and avoid phishing attacks.
- Use the episode as a reminder to update your security practices. Data security is not just a one-and-done checklist. Threats are ever evolving, so your defenses need to be nimble too. For information on securing sensitive customer information, be a frequent flyer on the FTC’s data security portal. Follow case developments and read publications designed for companies of any size and sector, including Start with Security and the recently refreshed Protecting Personal Information: A Guide for Business. Pressed for time? Pledge two minutes a day to watch a video from the FTC’s resource library for businesses.
Our relationships with our community members are important. If you suspect you are involved in any fraudulent activity regarding our services at Sourcewise, contact us immediately.
If you are interested in learning more about phishing scams related to legitimate businesses, we encourage you to speak with a Community Resource Specialist: (408) 350-3200, option 1.