When you're a small-business owner, you have to be careful about what you publish on social media sites, lest you face a lawsuit over advertising injuries. Plus, you don't want to create a bad impression, so you probably avoid posting those pictures from your drunken beach vacation three years ago.
But even if you only use your profile to publish pictures of your Pomeranians (no judgment here – who doesn't like dogs?), your business can unwittingly be the target of new-fangled phishing scams thanks to the heap of information available on your social media profile. Luckily, you don't have to be a tech wizard to protect your business from these schemes. You just have to know what to look out for.
Sophisticated Scamming Meets Social Media
According to a report by Advisen, the Internet Crime Complaint Center (IC3) tracked specific phishing emails used to generate fake wire transfers. The following scams use the data available online or on social media sites to glean information about the targets:
- The Fake Invoice. In this hack, fraudsters send the business a phony invoice from what appears to be a real supplier. They ask for a wire transfer to an account owned by the crooks.
- The Masquerade. This scheme involves criminals sending urgent wire transfer requests from executive email accounts. Because the message comes from a legitimate high-level account, the recipients may not question the legitimacy of the request.
- The Employee Ploy. Criminals hack lower-level employees' email accounts to access their contact lists and pinpoint the vendors they deal with for work. They use the account to send money transfer requests to those vendors and direct recipients to send the money to crook-controlled accounts.
If you and your employees have social media profiles that display work information, a sophisticated crook may learn…
- Business email addresses and phone numbers.
- Which "friends" are actually business associates.
- Which people are top-level executives at the business.
- Which people handle invoices.
And the business scams are surprisingly effective. IC3's data showed that last year, 1,198 US victims fell for these scams to the tune of $179 million in losses. Just this month, we found out about a scam that hit the country’s 55th-largest company.
The Lesson: Be Careful Who You Befriend on Social Media
Even if you use privacy settings on your business's social media profiles and your employees do the same, scammers can still find ways to dupe you. For instance, they may send a friend request to your business's Facebook account. If your aim is to grow your small business, you're probably not in the habit of turning down connections.
But that's where the danger lies: if you don't know the person, they could be requesting the connection simply to access your information. And you've seen what a clever fraudster can do with your data. They can craft a convincing email that ends with you losing money.
Fortunately, there are some easy steps you can take to minimize the chance of your business being targeted by a phishing scheme:
- Be careful about the information you post online. This includes your business's social media pages and your website. Job descriptions on LinkedIn and organization charts can be especially helpful to hackers, so don't give them the advantage.
- Be picky when accepting friend or connection requests. If you don't know the person but you don't want to risk losing a connection with a prospective client, use your social media account's privacy settings to filter what information the new "friend" can see.
- Train your employees on the various scams. As we mentioned earlier, knowing is half the battle. Inform your employees about ways crooks can target them with phony emails and show them how to keep their data safe on social media sites.
- Develop a business-wide protocol for handling invoices. If a request deviates from the way invoices are typically handled, your employees can spot the red flag and take steps to verify its legitimacy.
The real takeaway here is to not get blindsided just because you're busy. The extra time you take in vetting your networking connections can reduce your small business's exposure to scams. To learn more about protecting your business's data, check out the post, "Top 8 Data Breach Misconceptions."