With subject lines such as “Suspicious Account Activity” or “Confirmation Required,” phishing e-mails easily trick people into providing sensitive information to hackers. Besides harming the consumer who falls victim, phishing scams, which use legitimate company names, can harm the reputations of businesses. It is imperative that businesses learn how to prevent these phishing e-mails.
As a result, the Federal Trade Commission (FTC) provided guidance this week to assist businesses targeted by phishing scams. While the FTC has provided advice to consumers about avoiding phishing scams, this marks the first time the FTC has advised businesses on how to respond to such scams.
According to the guidance, if a company discovers that they are being impersonated in a phishing scam, it should immediately report the scam to the FBI’s Internet Crime Complaint Center and notify customers as soon as possible. Companies should consider using their social media sites, e-mails or letters to announce the scam and warn their consumers to be cautious when opening suspicious e-mails. Additionally, businesses should be prepared to provide resources to affected customers, such as directing customers to the FTC’s website.
Businesses should also encourage affected consumers to forward any phishing e-mails to the Anti-Phishing Working Group, an international conglomerate that brings affected businesses together with security companies, law enforcement agencies and other entities to help fight against these threats.
Further, businesses should make sure that their security systems are up-to-date. The FTC suggests regular visits to the FTC’s data security portal to read about updates or current events.
This guidance comes during National Consumer Protection Week. For the full FTC guidance, please visit their website.