Harrisburg, PA – Following the Equifax data breach in September, Secretary of Banking and Securities Robin L. Wiessmann today advised businesses to examine their internal cybersecurity protocols.
An area of growing cybersecurity concern for businesses is the occurrence of business email scams or business email compromise. These cyber threats target employees who have access to financial or sensitive information, impersonating a trusted partner and often requesting a wire transfer or payment.
The department has published a new reference guide [http://www.dobs.pa.gov/Documents/Publications/Handouts/Business%20Email%20Scams.pdf] to help businesses better understand business email scams and what they can do to protect themselves.
“Cybercriminals and scammers are continually becoming more sophisticated and savvy in the ways in which they target consumers and businesses,” Wiessmann said. “Businesses must remain vigilant in their cybersecurity procedures, not only to protect their own sensitive and financial information, but to shield that of their customers and clients.”
Businesses can use the following guidelines to help protect themselves from becoming the victim of an email scam:
- Examine email addresses closely. Scammers may spoof emails to look very similar to a legitimate person’s address.
- Never transfer money without confirming the request by phone or in person. Whether it is a matter of walking down the hall to the CEO’s office or contacting a colleague via phone, confirmation from the person requesting the transfer can protect your company.
- Do not use links or phone numbers provided in the email. Contact your trusted partners and colleagues using known contact information.
- Think before you click! Do not open attachments or links until you have verified them.
- Utilize your IT resources. Work with staff to flag emails with similar extensions to your organization’s or create other flags and filters.
- Implement two-factor or multi-factor authentication for sensitive information and funds. Require a second staff member (or multiple staff members) to review and approve requests for fund transfers.
If you are the victim of a business email scam, you can contact the following resources for assistance:
- Your financial institution. Request that they contact the financial institution receiving the transfer.
- Your local FBI field office – https://www.fbi.gov/contact-us/field-offices
- Pennsylvania Attorney General: email@example.com
- File a complaint with the FBI’s Internet Crime Complaint Center (IC3) – https://www.ic3.gov/default.aspx
- File a complaint with the Federal Trade Commission (FTC) – 1-877-FTC-HELP https://www.ftccomplaintassistant.gov/#crnt&panel1-1
- Pennsylvania Department of Banking and Securities – 1-800-PA-BANKS