Be cyber-secure: Beware of these business email scams
Steps you can take to defend against phishing, smishing and other forms of cyber threats

CYBER CRIMINALS SEND OUT a staggering number of phishing emails to businesses every year. They’re trying to trick employees into revealing proprietary and confidential data or taking an action that will benefit the criminals — and harm your business. They often use a tactic called spoofing — impersonating a legitimate business or person — in an attempt to fool employees into clicking a link, opening an attachment, changing account information or conducting a financial transaction. When these phishing attempts use SMS or messaging apps, they are often called “smishing.”
Clicking those links or opening those attachments can automatically install malware, which, depending on the type, could give the criminals access to your computer or device, install ransomware (in which malware infiltrates your system and cyber criminals hold your business hostage until a fee is paid), and even allow them to burrow further into your company's servers or the cloud. Let them in and they could steal your company’s confidential information and destroy the reputation you’ve worked hard to build with customers.
While the impact of such a business email compromise (BEC) can seem overwhelming, there are things you can consider doing to help protect your business, your customers and your employees from email scams. Consider these best practices:
- Avoid clicking on links or attachments from untrusted sources.
- Educate employees to identify and report emails, messaging and phone calls that may be fraudulent.
- Use confirmed contact information from within the company’s internal contact management system when verifying requests to change information or transfer funds.
- Require multiple-person approvals for account and financial change requests.
- Encourage employees to ask questions and challenge suspicious activity before acting on requests.
For tips on what to do if you think your business has experienced a cyber event, download “Cyber-security checklist: Consider taking these steps if your business has been targeted,” and share it with your employees.