15 September 2017
Category: Fraud
15 September 2017,
 0

what to do if your email is phishedTitle and settlement companies impersonated as part of an email phishing scam should notify customers as soon as possible, contact law enforcement, provide resources for affected consumers and review the company’s security practices, according to the Federal Trade Commission (FTC).

Offering immediate advice and support can help companies retain customer goodwill.

  • Here are tips on how to respond if your business is impersonated in a phishing scam:
    Notify consumers of the scam. If you are alerted to a phishing scam where fraudsters are impersonating your business, inform your customers as soon as possible. If your business has a social media presence, announce the scam on your social media sites and warn customers to ignore suspicious emails or texts purporting to be from your company. You can also inform your customers of the phishing scam by email or letter. The important point is to remind your customers that legitimate businesses like yours would never solicit sensitive personal information through insecure channels like email or text messages.
  • Contact law enforcement. If you become aware of a phishing scam impersonating your business, report the scam to the FBI’s Internet Crime Complaint Center. Suggest that affected customers forward any phishing emails impersonating your business to the Anti Phishing Working Group, a public-private partnership against cybercrime. Consumers also can file a complaint with the FTC.
  • Provide resources for affected consumers. If consumers believe they may be victims of identity theft because of the phishing scam impersonating your business, direct them to http://www.identitytheft.gov/ where they can report and recover from identity theft. For more information about recommended computer security practices, direct consumers to resources on the FTC’s consumer information site where they can learn how to protect themselves online and avoid phishing attacks.

Companies should use fraudulent emails as a reminder to update security practices as well as taking advantage of them as training opportunity for their staff. Criminal organizations that perpetrate these frauds are continually honing their techniques to exploit unsuspecting victims, which makes constant awareness and education a necessity.

Data security isn’t just a one-and-done checklist. Threats are ever-evolving, so your defenses need to be nimble, too. Check out the FTC’s data security portal for information on securing sensitive customer information. Follow case developments and read publications designed for companies of any size and sector, including Start with Security and the recently refreshed Protecting Personal Information: A Guide for Business. Pressed for time? Pledge two minutes a day to watch a video from the FTC’s resource library for businesses. The third pillar of ALTA’s Title Insurance and Settlement Company Best Practices provides guidance on adopting and maintaining a written privacy and information security program to protect non-public personal information.

Copyright © 2004-2017 American Land Title Association. All rights reserved.

This article has been used and reprinted with the permission of The American Land Title Association. The material is for general information purposes only and is not to be relied upon or used for any particular purpose. Title Industry Assurance Company, RRG and The American Land Title Association shall not be held responsible in any way for, and specifically disclaims any liability arising out of or in any way connected to, reliance on or use of any of the information contained or referenced in this article. The information contained or referenced in this article is not intended to constitute and should not be considered legal or professional advice, nor shall it serve as a substitute for the recipient obtaining such advice