By Small Biz Guy
Dorothy had only to worry about lions and tigers and bears. In the new business world of the Internet and emails, you and I have to worry about terms we’ve never heard about or terms we thought were associated with colds, fevers, or processed pork.
In today’s environment of ecommerce, ebusiness, and electronic communication, we small business owners – like it or not – have to learn about and guard against some new threats to our company and our financial well-being: phishing, spam, dark mailers, drive-by data hijacking, site cloning, viruses, spyware, bugs, and scammers, to name a few. In this article, we’ll focus our attention on four electronic threats that would be on anyone’s top ten list.
Unfortunately, some of these terms are not easily understood and many of us have navigated Internet waters without all of the tools and knowledge we’ve needed to have a safe journey. So, from the perspective of one small business owner to another, here is what some of the new tech terms mean to those of us who are the backbone of California’s economy.
Somewhere in the world, as you read this, low-life techies who would rather steal your money than earn it, or who delight in causing world-of-work misery, are busy writing “malicious code.” This bad code simply put is a computer program or set of instructions that is trying to get you to let it enter your computer system. Once there, the “code” comes to life and begins doing its dirty work. If it is successful, it can copy and transmit all of your private and sensitive data. It can steal your identity and your client’s credit information. It literally can take over the operation of your computer. It can do this so quietly and expertly, that you may never know it was there or only find out weeks later. By some estimates, 250-300 new viruses per day are created and released into the electronic world. Virus fighters have identified tens of thousands of viruses over the past few years.
Action: Get a trusted virus protection program that features live updates so that daily protection against new malicious code is downloaded to your computer just as soon as it is created. Schedule daily virus checks, particularly if you are accessing the Internet frequently or you receive daily emails that contain attachments. Your virus protection is only as good as it is “current” and “used” by you.
Basically, spam email is akin to receiving junk mail in your physical in-basket at work. For the most part, it is unsolicited, mass-produced, mass-disseminated communication (spamming) designed to get you to buy something or take some action. If you ever filled out a card to “win that car” at the mall, or subscribed to a magazine, entered a sweepstakes, or entered your name and/or email address on some form requested by some company (except those few industries prohibited by law from sharing your info without your consent), your email has been captured on a huge list and has been sold probably thousands and thousands of times to list vendors and marketers. For as little as a couple of hundred dollars, some list vendors can give access to up to 100 million email addresses, and chances are that your email is on that list. In another article in this series, we’ve described how to spot the fake and devious emailers, so let’s just be mindful of how dangerous it can be to do business with a business entity that has reached you only by email, that often has no local address, and you can’t even determine if the business is located in this country.
Action: Most legitimate ISPs (Internet Service Providers, e.g., AOL, Earthlink, etc.) offer spam filtering and allow you to chose levels for how aggressive you want that filtering to be. If your ISP does not provide spam filtering, there are a variety of companies that provide spam detection software, featuring live updates, in the $20 - $40 range, as stand-alone products or as part of a protection suite of software titles. Get spam filtering, use it at least at the “medium” setting, and use the live update feature to ensure the very latest protection. At minimum, this software will save you hours of time not having to open and read through what may well be hundreds of spam email monthly or weekly.
In this physical world, we’ve heard about con artists, grifters, and shysters who try to run scams on decent, unsuspecting folks. The Internet world equivalent is scam emails and messages. The goals of slick grifters and scam emailers are the same…to fool you into sending them money, buying something you will never receive, or worse yet, gaining access to your financial or identity information. The adages of “nothing is free” and “if it sounds too good to be true, it isn’t” apply here. In some flea bag Internet café in a distant land, young men and women – around the clock – are sending messages to millions of email account holders pretending to be widows, surviving children, bank inspectors, account trustees, et al, who need your help (and are willing to pay a handsome fee) to get money out of the country, invest funds in American companies, or use your good judgment to make gifts to worthy charities. Other losers are pretending to be court officials trying to reach you to settle an estate directive from a very distant relative who died tragically and left you tons of money. Still other liars are posing as corporate executives or lotto officials needing to reach you with the good news of your selection for the grand prize. A great majority of scammers simply try to sell you cures for this and that or products for pennies on the dollar. All these folks need is personal history and contact information to verify that it is you, or bank account numbers to wire winnings, or credit cards to process your purchase. These computer criminals know that the vast majority of folks won’t fall prey to their scams, but some will. Even if only 1 in 1,000,000 believe enough to help the “bank official” get money out of the country, doing a blanket mailing to 100 million emails will yield 100 lambs for the slaughter. If only 1 in 1000 people respond to the scam email to purchase cheap meds printer toner, the bad guys just got access to 100,000 credit card numbers.
Action: Get scam protection software (offered by your Internet service provider, available from online reputable software-as-a-service vendors, or in-the-box at a large retailer), and use it. Buy local, where possible. Absolutely don’t send anyone online any personal/business/contact information and only make credit card purchases from reputable online stores that provide corporate contact information on their site (and make sure to call them to confirm they are real).
Perhaps the worst, most dangerous form of scam email is the type referred to as phishing. Just imagine how someone fishing in a stream repeatedly throws a line out to float across the water, loaded with a hook covered by bait. He or she is waiting patiently to see if they get a bite, if they can lure that unsuspecting fish to go for the bait. This is the premise of “phishing.” In its basic form, it is email, messages, or websites deceptively packaged to make you believe that it represents a trusted, legitimate source. The goal is to get you to transmit personal information, sensitive financial data, or private account passwords because you believe the site is genuine and the message to be official. You may open your email a few minutes from now and there is an urgent message from your bank to “Account Holder.” Let’s say that you are a Bank of America account holder and the scammer got lucky by sending you an email professing to be from Bank of America. The email looks like it is from Bank of America, with red and blue colors, the B of A logo, a notice that the bank is FDIC insured, and other embellishments. It tells you that there has been suspicious activity in your account, or that routine maintenance had identified a security problem, or any of a number of issues and informs you that your account access has been suspended until you “click here” to be taken to an official site where you are asked to “reconfirm” your account name, number, and password in the boxes provided and then to hit “send or enter.” Or, it could be your insurance company, workers’ comp provider, PayPal, or ISP…all indicating a problem that requires you to re-enter your confidential information. They all look real, but there are ways to know what is real and what is a phishing scam.
Action: No legitimate company with whom you have an account will refer to you in the generic manner of “Dear Account Holder” when they know your name and account information. No legitimate financial institution will ever ask you to provide any sensitive, private information via an email or by redirecting you to a “company” website. The rule of thumb: Unless the message refers to you by your name and refers to a specific account type with some descriptor (such as the first or last characters or numbers of your account or the zip code of record for your account), put up your guard and consider it phishing. To be sure, call the bank or company’s phone number listed in the phone book (not in the suspect email), ask to speak to a service representative, share with them the content of the email, as ask about its legitimacy. As a rule, never, ever, never send personal, financial, or password information via the Internet in response to an email.
Viruses, spam email, Internet scams, and phishing are today’s electronic equivalents to bad checks, shoplifting, and customers who don’t pay their bills. Armed with a better understanding of these terms and what actions to take, we can do a lot to safeguard our small businesses.
