Email phishing scams on the rise: How to protect your business and customers
Important notice: We’ve recently learned of a new email phishing scam attempt that may potentially impact you as a user of Invoice2go, a Bill.com company. Some business owners and their customers have reported receiving suspicious emails containing fake Invoice2go invoices from an unknown business. Protecting your security online is a top priority for us at Invoice2go. Please visit our Help Center to learn more about this incident, and what you can do.
With email phishing scams on the rise, businesses big and small need to be aware of how to protect themselves from the various attacks in circulation, and what to do should they fall victim.
What exactly is an email phishing scam?
Phishing scams are one of the most common forms of cyber attack. Typically carried out over email, they trick the recipient into taking an action – this can be opening an attachment, clicking on a link, or in the case of invoice emails, making a payment into the fraudster's account.
Often times you’ll be taken to a fake website set up to scam you out of your personal information. A staggering 1.4 million of these phishing websites are created every month.
How to protect your business and customers from email fishing scams:
- Always verify the email address. Legitimate Invoice2go emails will come from an @spemail.2go.com or @mail.2go.com domain. Invoices also come from your own business email address. Many phishing scams will choose email addresses that look similar to a real address. For example, scammers may include an extra dash or dot somewhere in the address.
- Never enter sensitive information into a website where the address doesn’t end with Invoice2go.com or 2go.com. It’s important that you (and your customers) know we’ll never ask for payment or login information anywhere else.
- Don’t click any links from a suspicious email. When in doubt, use your favorite search engine to go a company’s website directly.
- Be wary of any email asking for urgent attention, or where language/tone sounds unfamiliar.
- Update your security practices regularly. Security isn’t a set-and-forget deal. Equip all your devices with the latest internet browsers that have up-to-date anti-phishing software.
- Educate your customers on the threat of email phishing scams, particularly targeting invoice emails. Your customers should look for anything suspicious related to invoice emails from you and Invoice2go. Has an invoice showed up twice, once with altered details? Did it come from an unknown email address? If you’re including payment details on the invoice, have they confirmed those are correct before issuing a payment?
Scams impersonating your business’s good name
When your business is involved, you not only have to worry about scams targeting you, but also fraudsters taking advantage of your good business name to scam your customers.
If you find out someone is impersonating your business as part of a phishing scam, alert your customers immediately. If they are suspicious about a particular invoice, advise them to get in touch with you immediately by emailing you directly (not hitting reply).
Where can I find more about email phishing scams?
You can find additional advice on how to best protect your business from a range of industry sources, including the Federal Trade Commission, Google’s support pages, and tech publications like ZDNet.