Imagine this: A scammer sets up an email address that looks just like it’s from your company. They then send messages to your customers or partners, pretending to be you. This practice, known as spoofing, is the work of a business email imposter.

These scammers often aim to steal passwords, bank account details, or convince someone to send money directly to them. When this happens, your company has a lot at stake. You risk losing the trust of your customers and partners, which can lead to financial losses and long-term damage to your reputation.

How to PROTECT your business

1. Use Email Authentication

• When setting up your company’s email, make sure your provider includes email authentication technology. This helps receiving servers verify that emails truly come from your company’s server.
• If an email doesn’t pass this check, the receiving server may block it, stopping scammers in their tracks.

2. Keep Your Security Up to Date

• Always install the latest patches and updates to protect your network. Set these updates to happen automatically to minimize risk.

Software update

• Invest in intrusion prevention software to monitor your network for suspicious activity and alert you when a potential threat is detected.

3. Train Your Staff

• Regularly teach your employees how to spot phishing scams and other common cyberattacks.
• Include these cybersecurity tips in your ongoing training programs, so staff are equipped to recognize and respond to emerging threats.

WHAT TO DO if someone spoofs your company’s email

1. Report It

• Report the scam to local law enforcement and the registrar of the fraudulent email. They can take action to investigate and shut down the fake account.

2. Notify Your Customers

• Let your customers know right away if scammers are impersonating your business. You can notify them via mail, email, or social media.
• If you send an email, be sure to avoid hyperlinks to prevent your message from being mistaken for a phishing attempt.
• Remind your customers never to share personal information through email or text. If customer data was stolen, direct them to IdentityTheft.gov to create a recovery plan.

3. Alert Your Staff

• Use this experience to review and update your security practices. Train your staff to recognize and report potential threats to further protect your business.

Email spoofing is more than just an annoyance—it’s a real threat to your business’s reputation and financial security. By taking proactive steps and educating your team, you can defend against email imposters and keep your business running smoothly.

Stay tuned, stay secure, and let’s make Cybersecurity Awareness Month count!

*Article inspired by the guide “Cybersecurity for small business” written by the Federal Trade Commission (FTC).

——————–

We at APIS Consulting can assist you in enhancing your cyber security knowledge and IT security procedures. If you require any trainings, cyber security audits, to boost your IT security, or to outsource your IT security, you can get in touch with us via email at contact@apisconsulting.cn or by adding Antoine on WeChat using the QRcode below.

---