When internet fraudsters mimic a legitimate business to trick consumers into giving out their personal information, it’s called phishing. It’s not just a problem for consumers, but for the companies the scammers are impersonating too. The FTC has long provided to consumers about steps they can take to avoid phishing scams. But what should you do if customers contact your company upset that they responded to a phishing email from a scammer impersonating your legitimate business?
If consumers fall victim to phishing schemes that falsely invoke your company name, they may look to you for guidance on the next steps to take. Offering immediate advice and support can help you retain the customer goodwill you’ve worked so hard to develop.
How should you respond if your business is impersonated in a phishing scam?
- Notify consumers of the scam. If you are alerted to a phishing scam where fraudsters are impersonating your business, inform your customers as soon as possible. If your business has a social media presence, announce the scam on your social media sites and warn customers to ignore suspicious emails or texts purporting to be from your company. You can also inform your customers of the phishing scam by email or letter. The important point is to remind your customers that legitimate businesses like yours would never solicit sensitive personal information through insecure channels like email or text messages.
- Contact law enforcement. If you become aware of a phishing scam impersonating your business, report the scam to the FBI’s . Suggest that affected customers forward any phishing emails impersonating your business to the , a public-private partnership against cybercrime. Consumers also can with the FTC.
- Provide resources for affected consumers. If consumers believe they may be victims of identity theft because of the phishing scam impersonating your business, direct them to where they can report and recover from identity theft. For more information about recommended computer security practices, direct consumers to where they can learn how to protect themselves online and avoid phishing attacks.
- Use the episode as reminder to update your security practices. Data security isn’t just a one-and-done checklist. Threats are ever-evolving, so your defenses need to be nimble, too. For information on securing sensitive customer information, be a frequent flyer on the FTC’s data security portal. Follow case developments and read publications designed for companies of any size and sector, including Start with Security and the recently refreshed Protecting Personal Information: A Guide for Business. Pressed for time? Pledge two minutes a day to watch a video from the FTC’s resource library for businesses.
It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The 鶹ý Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the 鶹ý Trade Commission’s (FTC) system, and user names also are part of the FTC’s system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.
The purpose of this blog and its comments section is to inform readers about 鶹ý Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the 鶹ý Trade Commission.
In reply to I just got a call. Caller ID by Lisa George