FTC Guidance for Handling Phishing Scams that Falsely Invoke Your Business's Name
Thursday, March 9, 2017
man at computer in shadow, ftc, phishing scams
Print Mail Download i

It seems to be a daily occurrence that we receive an e-mail from a company we generally recognize, requesting that we respond with personal information, including passwords, account numbers, etc. Hopefully, you have not fallen victim to such a “phishing” scam. Nonetheless, if you own or are managing a business, preventing your employees from being duped by a phishing scam is only a portion of your concern. Businesses must also be prepared to assist their customers if those customers fall victim to phishing scams in which the scammers impersonated your business. Recognizing the difficult position a business is put in when contacted by upset customers who responded to a phishing email appearing to have originated from that company, the Federal Trade Commission (FTC) recently issued some helpful tips businesses should take in responding to such consumers, summarized below.

First, once a business becomes aware that its name is being used in a phishing scam, it should notify customers of the scam as soon as possible. The notification can be made through social media or via a letter or e-mail to customers. It is also important to remind customers that legitimate businesses would not solicit sensitive personal information using insecure channels, such as e-mail.

Second, the business should report the phishing scam to the FBI’s Internet Crime Complaint Center. The business should also encourage its customers to forward such phishing emails to the Anti-Phishing Working Group, which is an international coalition unifying the global response to cybercrime through data exchange, research, and public awareness.

Third, the business should assist customers who believe they are victims of identity theft due to the phishing scam by directing them to www.IdentityTheft.gov, where they can report and potentially recover any losses that resulted from the identity theft. The business can also direct customers to the FTC’s consumer cite for additional help.

Lastly, the phishing incident should be viewed as a reminder to review and update security practices governing sensitive customer information. Scammers’ methods of attack wherein customers’ sensitive personal information is compromised are constantly changing, and it is important for businesses to ensure their policies and practices are up-to-date.

©2024 MICHAEL BEST & FRIEDRICH LLP

Current Legal Analysis

More from Michael Best & Friedrich LLP

Wisconsin Supreme Court Clarifies the Rights of Guarantors in Foreclosure Actions
by: Victor J. Allen , Ann Ustad Smith
DOJ Guidance Regarding No-Poaching Agreements
by: Michael H. Altman , Eric H. Rumbaugh
New Form I-9 Required Starting September 18, 2017
by: Kelly M. Fortier , José A. Olivieri
Federal Circuit Rejects PTAB’s Articulation of Obviousness Rationale, Disregard for Evidence, and Burden Shifting
by: Melanie J. Reichenberger
After Years of Waiting, Yours or Your Competitor’s Patent Application May Quickly issue in Brazil. Are you ready?
by: Lisa L. Mueller
New EEO-1 Form Submission Stayed Indefinitely: Employers to File Prior EEO-1 Form in March 2018
by: Elizabeth N. Larson , Farrah N.W. Rifelj
Understanding Bolar and Bolar-Like Exceptions in the U.S. and Abroad – Part 2 – Canada
by: Lisa L. Mueller
Seventh Circuit Finds ERISA Plan’s Venue Selection Provision Enforceable
by: Paulette M. Mara
Federal Circuit Clarifies Boundaries of Discovery During Litigation Under the BPCIA
by: Andrew T. Dufresne
DOL Fiduciary Rule – Another Extension on the Horizon!
by: Carrie E. Byrnes , Jorge M. Leon

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins