Small business owners all over the country may now be growing a bit more savvy when it comes to protecting themselves from cyber threats, by taking all the right steps by investing in security and tech insurance coverage for their companies. However, criminals’ latest reaction to that trend seems to involve getting a little more low-tech once again.
Instead of conducting hacking attacks en masse, criminals are now trying to steal sensitive information or money from businesses the relatively old-fashioned way: by running phishing scams, according to a report from USA Today. For years, many small business employees across the country have been receiving emails about how their companies have been approved for loans, are being entered into contests, or being asked to sign up for free trial offers, and all of them turned out to be bogus, to varying degrees. At this point, many workers are likely pretty aware of the kind of damage these threats can do.
However, with this latest trend, it seems criminals have made additional attempts to make their emails, letters or phone calls appear legitimate, the report said. Now, instead of offers that seem slightly too good to be true, they’re making them appear far more imperative; often, the crooks say that they represent companies which will prepare – for a small fee, of course – “required” corporate records. Usually, these fees are not appreciable, falling in the neighborhood of $125 or so (though sometimes as much as $239) but could lead to significant problems, particularly if companies send their actual data in addition to forking over the relatively small fee.
“They make it very easy for someone to part with their $125,” Barbara Dobb, a certified public accountant told the news agency.
Already, these solicitations have been reported in nine states all over the country, including California, Colorado, Florida, Georgia, Indiana, Illinois, Massachusetts, Michigan and Texas, the report said. The Better Business Bureau of West Virginia also sent out a warning earlier this summer about a Michigan-based company named Corporate Records Services which had been caught sending out letters for a similar offer.
Why is this any different?
The problem with this kind of mailing versus the kinds of phishing scams companies were sent in the past is that they look extremely official, the report said. Further, because they come in the mail, that might give them a bit more apparent legitimacy, and could serve to more effectively catch unwary owners off-guard. And because they ask for money up front, as well as data including corporate documents which could include financial details or client and customer information, they could serve as a doubly-big risk for workers or entrepreneurs.
In general, small business owners should regard any unsolicited mailings they receive from any business or organization warily, and complete follow-up calls and research into any such issue, no matter how legitimate it seems. In general, no legitimate entity would contact a company out of the blue and demand payment or information without a company or individual having initiated the process in some way, and looking into the matter can only serve to clarify such a situation.
Of course, many independent owners may want to do more to protect themselves from potentially major outside threats in general, and that could certainly include small business insurance policies designed to help limit their costs when they suffer a data breach or similar incident. This kind of tech insurance may allow them to avoid financial difficulties that could put companies in serious jeopardy or even bring them down entirely.