Small businesses become a target for hackers

While technology and ease-of-use Web access is expanding, so are the ever-growing bands of thieves, hackers, and scammers. No matter what you want to call them, they may soon be calling themselves by your name as they rip you off.

Employing sophisticated schemes to swindle our identities, these raiders have hacked even the most iron-clad security software, infiltrated the most guarded email inboxes, and stolen banking and credit card account details in the middle of the night. No longer selectively attacking individuals, they’ve now turned to small businesses as well.

Thieves are getting much more adept at disguising these schemes, cleverly shrouding identity theft scams that try to trick victims into revealing confidential business information that can be used to access their financial accounts. Some email scams contain attachments or links that, when clicked, download viruses that infect your computer and worms that collect your personal data, including passwords. These scams aren’t limited to email; in fact, many people receive them via phone, text, fax, Internet, and social networking.

These scams have expanded to prey on unsuspecting taxpayers and business owners by impersonating governmental agencies in an effort to fraudulently elicit financial information. In fact, the Office of Professional Responsibility (OPR), which reports directly to the Attorney General, recently issued a new warning for employers that IRS impersonation and phishing scam emails are at an all-time high and are expected to increase during filing season.

One particular email claims it is from the IRS or OPR and contains instructions for you to obtain a new employer identification number (EIN), along with a link that may direct you to a bogus form or site posing as a genuine IRS form or website. Since the IRS or OPR doesn’t send taxpayers unsolicited emails about their tax accounts, you can safely assume it’s a scam.

If you receive any emails claiming to be from the IRS or OPR, it’s important that you do not open any attachments or links. Report the incident to phishing@irs.gov, attaching the suspected email to your report to preserve information they need to investigate its origins.

Think you can’t be fooled? Whether impersonating a government agency or a financial institution, they may be able to swindle you as they have thousands of others:

• You receive an email looking as if it came from your bank, the IRS, or FAA that is marked as “urgent.”
• The email says that you must “verify” or “re-submit” personal or confidential information by clicking on a link embedded in the message immediately.
• You click on the link provided in the email and it takes you to what appears to be the website of your bank, IRS, or FAA. The website actually belongs to the scammer.
• You’re asked to provide Social Security numbers, EINs, passwords, or other information used to identify your business.
• Once you’ve provided the information, thieves can begin to access your accounts or even assume your identity.
• You attempt to file your taxes expecting a refund, only to find that a request has already been processed to refund your quarterly payments, and the refund has already been mailed to a strange address and cashed.

I’ve seen some ingenious scam emails arrive in my own inbox, looking relatively harmless with actual logos of banks, Paypal, links to sites that look exactly like those of the real institutions, and even a few recently claiming to be from the Automated Clearing House (ACH), claiming that my direct deposit has been declined. Email addresses of the sender can also be deceiving&mdashoften only an indiscreet character can differentiate between the real bank and the fraudulent site.

The Federal Trade Commission (FTC) has provided a humorous series of videos with practical, useful, and memorable messages at YouTube about scams that could affect you and your business.

If you suspect that you have been a victim of identity theft, perhaps because you unwittingly submitted personal information in response to a suspicious, unsolicited email, or you see unauthorized charges on your credit card, immediately contact your financial institution, and, if necessary, close existing accounts and open new ones.

Also, contact the Internet Crime Complaint Center, a partnership between the FBI and the National White Collar Crime Center. Identity theft experts recommend that you also report the incident to your local police and Postmaster and request copies of their reports or case number for later reference. In addition, call the three major credit bureaus (Equifax at 800/525-6285, Experian at 888/397-3742, and TransUnion at 800/680-7289) to request that a fraud alert be placed on your credit report.