Page 25 - AT
P. 25
BUSINESS Thursday 5 december 2019
A25
Holidays bring phishing scam surge aimed at small business
By JOYCE M. ROSENBERG that criminals who used thor of “Everyone’s Been
AP Business Writer to blanket thousands of Hacked,” a book sold on-
NEW YORK (AP) — The computer users in hopes line.
email looked legitimate, of fooling a handful have Often a scam succeeds
so Danielle Radin clicked refined their methods. because there’s just a
on the link it contained, ex- Scammers find small busi- shred of doubt in a com-
pecting to have her prod- nesses through websites, puter user — the email is re-
ucts included in a holiday social media sites and by alistic enough that an own-
gift guide. combing email address er or employee feels they
“I instantly regretted it,” books. They also mine per- need to read it. Sometimes
says Radin, owner of Man- sonal data from breaches a staffer clicks out of fear
tra Magnets, a website that at retailers and other large or a sense of responsibility,
sells wellness products. “It companies. Then, using a says Rahul Telang, a profes-
took me to some random process called social en- sor of information systems
website that looked like gineering, they construct at Carnegie Mellon Univer-
those pop-ups telling you emails that increasingly sity’s Heinz College.
that you’ve won the lot- look realistic, as if they truly “It might not sound very In this Oct. 8, 2019, file photo a woman types on a keyboard in
tery.” come from a boss, col- personal, but you have an New York.
Within days of that click league, friend, potential cli- idea that you should go Associated Press
three weeks ago, Radin ent or vendor, a bank and ahead — you feel like the one to do: check the email tor of threat research and
began getting notifica- even the IRS. email is coming from the address to be sure it’s com- detection at Proofpoint,
tions that people in Ecua- “In the last year or two boss,” he says. pletely correct. When he a cybersecurity company
dor, China and elsewhere they’ve been running more Computer users may not clicked on the link, it took based in Sunnyvale, Cali-
were trying to access her professional campaigns,” be looking as closely as him to a bogus website fornia.
email account. She wasn’t says Perry Toone, owner of they should at an email — claiming to be connected A common scam at holiday
surprised; she knew her San Thexyz, an email service there can be subtle signs with Microsoft and asking time is an email purportedly
Diego-based small business provider based in Toronto. that a message is trouble. him for his ID and password. from the boss telling a staff-
had been the target of a “It can take a couple of Terry Cole, owner of Cole He went no further and suf- er to go buy gift cards and
phishing scam. minutes for me to deter- Informatics, a company fered no damage to his PC. email the numbers back,
While cybercriminals strike mine that they’re phishing whose work includes cy- The holidays provide scam- DeGrippo says.
at any time of the year, scams. That tells me they’re bersecurity, recalls getting mers with extra opportu- “When it appears to come
they’re particularly active doing a very good job.” an email that truly seemed nities: emailed greeting from a boss or CEO, I think
during the holiday and in- Radin believes the scam- to be from a colleague. He cards, package shipment there is that tendency
come tax filing seasons mers found her through was one of several people notices, offers of discounts among employees to
when computer users ex- her website or a blog. Like in the industry to receive it. — all of them false. Cyber- follow those directions.
pect to see more emails many small businesses, she “It said that this colleague criminals also seek personal They’re playing on their
— and scammers are in- has an email address on had sent me a secure pri- information from owners emotions,” she says.
creasingly targeting indi- her site, and the scammers vate message that was and employees under the Often, a scam succeeds
vidual small businesses with figured out that she might ready for me to read and guise of needing them to in getting an employee to
phishing scams, sending be interested in selling via a included a link to click. create a W-2 or 1099 tax click on a personal email
messages that look legiti- holiday gift guide. But find- This was absolutely con- form; at this time of year, while on a company PC —
mate but do harm instead. ing a target is one thing; sistent with my normal ex- business owners’ thoughts many workers check their
An unsuspecting owner or the scam won’t work unless periences communicating are turning to taxes. personal email while at
employee clicks on a link it tricks an email recipient with him,” says Cole, whose “Something that claims work.
or attachment and like into clicking. Even those company is located in Par- to know you, your name, Even though the email
Radin finds that malicious who are tech savvy can sons, Tennessee. where you work and wants came through on a person-
software has invaded their sometimes let their guard Cole didn’t do in that in- you to take some action is al message, it’s the com-
PCs. down. Radin was duped stance what he usually harder to spot,” says Sher- pany’s machine that can
Cybersecurity experts find even though she’s the au- does and advises every- rod DeGrippo, senior direc- be infected.q
