April 02, 2015

Do Not Get Fooled - Latest Scam Follows Data Breach

What was your April Fool’s Day like? Were you the prankster... or one of the ‘April fools’?

Of course, April Fool’s Day is a long-time tradition with tricks and harmless scams done in fun.

It’s a different story, though, when a person gets scammed by a professional. These criminals are highly organized, and getting scammed by one of them usually ends up costing a lot more than pride.

According to the 2014 Consumer Sentinel Network Report published by the Federal Trade Commission, over 1.5 million complaints last year were fraud-related. Those fraud complaints ended up costing consumers over $1.7 billion; the average amount paid was $498.

Almost half of the consumers who complained also reported the method of initial contact – 54% said it was a phone scam, 23% said it was e-mail phishing, and 4% of those consumers reported mail was the initial point of contact.

So what’s the latest scam making headlines – and headway?

Right now consumers are being warned about a phishing scam that follows a big data breach. Cyber criminals use information they have just stolen to phish for even more information.

A data breach last year at TalkTalk, one of the largest British internet service providers, is a good example. In the initial data breach, cyber thieves got customer names and account numbers. Then they used that information to phish for more information, according to a Wired report. TalkTalk customers thought they were being contacted by customer service staff, but it was a scam: they were tricked into giving out bank details or signing up and paying for security software and services they didn’t need.

This example illustrates why companies that have experienced a breach must notify customers and other individuals who may be involved. It also highlights the importance of putting safeguards in place.

Here’s what every business can do to reduce the risk of getting scammed:

  • Introduce a culture of security from the top down. There should be a workplace security policy that follows compliance standards and provides secure document management procedures.
  • Keep everyone up-to-date about current email phishing and other top scams. Popular scams aimed at businesses include Fake Billing, Internet Domain Name Expiry, and Directory Listing/Unauthorized Advertising or Goods scams.
  • Teach employees security awareness skills. For example, employees should never give out or update information about the business unless they know what the information will be used for and by whom. Create a list of authorized vendors and suppliers. Limit the number of employees who make purchases, and have clear procedures for verification, payment and management of accounts and invoices.
  • Create a specific policy for the mobile workforce. According to the Little Black Book of Scams, mobile phone scams include Ringtone scams (free or low-cost ringtones that aren’t) and Missed Phone and Text Message scams (when you call or text back, you’re charged premium rates).
  • Keep only the confidential information that your workplace needs to keep. Partner with a document destruction company that brings document shredding best practices to the workplace – and securely destroys confidential information in digital and paper form when it is no longer needed.
