Posted on Tuesday, May 21, 2019 in CybersecurityBlog written by Rob Swenson
Business organizations in Yankton have been under attack lately. Unidentified, profit-seeking scammers have sent several bogus emails to business people and civic groups in the southeastern South Dakota community.
In the big picture, the city of about 14,600 residents probably isn’t any bigger or smaller a target for cyber thieves than comparable communities. But officials in Yankton put up their guard quickly and promptly warned other community members. Their response might be a good example for others.
The Yankton Area Chamber of Commerce sends warnings to members whenever it or an affiliated community group is targeted in a scam.
“We don’t get a lot of them (scam attempts) consistently, but when we get them, we seem to get quite a few,” said Carmen Schramm, executive director of the Yankton Area Chamber.
An incident that occurred in March involved the Yankton Convention and Visitors Bureau, which operates under the umbrella of the Chamber. A local car dealership contacted CVB Director Kasi Haberman and questioned the validity of a bill for $3,808.63 that it had received.
The invoice-like statement was signed with Haberman’s email address and included a link. But Haberman hadn’t sent the email.
Haberman commends the car dealership for verifying the suspicious billing before taking any further action. Other members of the organization were alerted to watch out for spam messages and calls.
“It was clearly a scam,” Haberman said. “Those kinds of activities take place. You should be careful when you’re clicking on things, and be sure when you’re paying any kind of bill to make sure it’s coming from a verified source.”
The Chamber itself has been targeted in different scams.
In one instance, Chamber staff members received an email that appeared to come from the Board president, who supposedly was looking for someone to quickly help with a task. Schramm realized the email had not really come from the president. But another staffer responded to the initial email and learned that the favor involved buying gift cards. Another staff member also had recognized that the request as a likely scam and no gift cards were purchased.
In addition to the email’s suspicious return address, the initial message was rather awkwardly phrased, which was a red flag:
“I’ll need you to run a task ASAP, let me know if you’re unoccupied,” the message began. “P.S: I’m busy at the moment and can’t talk but will look out for your reply.”
In another incident, a medical clinic received a fake email supposedly from the Chamber, Schramm said. And someone hacked into the Chamber’s phone system and made a call to New York.
Obviously, the Chamber’s contact information had become available to scammers. These days, it’s not wise for any organization to think their information is a secret.
Incidents such as fake billings and purchase requests underscore the importance of effectively training employees – especially new employees – to recognize and prevent potential scams, Schramm said.
Emails should be closely examined to verify that they are from who appears to have sent them, and caution should always be taken in clicking on links.
“The bottom line is that if it just doesn’t seem right, it probably isn’t,” Schramm said.
Other tips for avoiding business fraud
Employees are the most vulnerable link in any network, according to security experts. Employees should be trained and tested regularly to recognize threats and avoid scams.
Businesses also need to use good networking equipment, including firewalls, and keep devices and their overall security strategy up to date.
The FBI offers additional tips to help businesses avoid fraud:
- Purchase merchandise from reputable dealers or establishments.
- Obtain a physical address rather than simply a post office box and a telephone number, and call the seller to see if the telephone number is correct and working.
- Send an e-mail to the seller to make sure the e-mail address is active, and be wary of those that utilize free e-mail services where a credit card wasn’t required to open the account.
- Consider not purchasing from sellers who won’t provide you with this type of information.
- Purchase merchandise directly from the individual/company that holds the trademark, copyright, or patent.
SDN Communications is a regional leader in providing broadband connectivity and cybersecurity services to businesses in communities such as Sioux Falls, Rapid City, Worthington, and the surrounding areas.