Scammers Phishing to Scam Small Businesses!
By now, most of us are getting pretty savvy to phishing attempts on our personal email accounts. Most of them end up in our deleted folder, never to be seen again. For those of you who need a quick refresher course on “phishing”…they’re emails from fake companies made to look like they’re from our bank, the IRS or a legitimate company. The scammer then asks us to “click” on a link directing us to a page to “update our personal information” for their records. But what you are really linking to is a fake website that captures your information and uses it to defraud you.
Now Rhode Island Attorney General Peter Kilmartin is warning small businesses to be on the lookout. According to a press release sent to Call 12 For Action, “These days con artists have new ‘phish’ to fry. Often using publicly available information about small businesses – including non-profits and government offices – they craft messages tailor-made to sound legit,” said Attorney General Kilmartin. “But, when a business recipient clicks on a link in what appears to be a familiar sender, fraudsters install malicious software that ransacks computer files in search of corporate account information. Once the account is compromised, the crooks can issue counterfeit checks, wire money to partners in crime, and drain a company’s assets.”
The good news is that businesses can protect themselves by following some simple steps:
1) Educate your employees. The oldie-but-goody advice still applies: Don’t respond to messages at the office that ask for sensitive information. And don’t open attachments or click on links in unsolicited email.
2) Enhance the security of your computer and networks. Limit the number of computers that are used for online banking and payments. A workstation authorized for that purpose shouldn’t be used for general web browsing or emailing. Install routers and firewalls to prevent unauthorized access. Keep your anti-virus and anti-spyware software up to date. Talk to your IT staff to make sure your default settings give you as much security as possible.
3) Enhance the security of your corporate banking practices. Talk to your financial institution about services that can help protect your company from altered or counterfeit checks or unauthorized ACH transactions.
4) Set up systems to detect fraud at the earliest stage. Monitor and reconcile your accounts at least once a day. Talk to your financial institution about identifying activity that looks out of the ordinary for your company. Investigate sluggish networks, unexpected rebooting, a new homepage, unfamiliar toolbars, or unusual pop-ups.
5) Move fast if you detect suspicious activity. Disconnect the computer from your network, including wireless connections. Contact your financial institution immediately to disable online access. Review all recent transactions and electronic authorizations on the account. Make sure no one’s added new payees, requested a change to your address or phone number, changed existing wire or ACH template profiles, changed PIN numbers or ordered new cards or checks.