December 9, 2022

Volume XII, Number 343


December 08, 2022

Subscribe to Latest Legal News and Analysis

December 07, 2022

Subscribe to Latest Legal News and Analysis

December 06, 2022

Subscribe to Latest Legal News and Analysis

FTC Guidance for Handling Phishing Scams that Falsely Invoke Your Business's Name

It seems to be a daily occurrence that we receive an e-mail from a company we generally recognize, requesting that we respond with personal information, including passwords, account numbers, etc. Hopefully, you have not fallen victim to such a “phishing” scam. Nonetheless, if you own or are managing a business, preventing your employees from being duped by a phishing scam is only a portion of your concern. Businesses must also be prepared to assist their customers if those customers fall victim to phishing scams in which the scammers impersonated your business. Recognizing the difficult position a business is put in when contacted by upset customers who responded to a phishing email appearing to have originated from that company, the Federal Trade Commission (FTC) recently issued some helpful tips businesses should take in responding to such consumers, summarized below.

First, once a business becomes aware that its name is being used in a phishing scam, it should notify customers of the scam as soon as possible. The notification can be made through social media or via a letter or e-mail to customers. It is also important to remind customers that legitimate businesses would not solicit sensitive personal information using insecure channels, such as e-mail.

Second, the business should report the phishing scam to the FBI’s Internet Crime Complaint Center. The business should also encourage its customers to forward such phishing emails to the Anti-Phishing Working Group, which is an international coalition unifying the global response to cybercrime through data exchange, research, and public awareness.

Third, the business should assist customers who believe they are victims of identity theft due to the phishing scam by directing them to, where they can report and potentially recover any losses that resulted from the identity theft. The business can also direct customers to the FTC’s consumer cite for additional help.

Lastly, the phishing incident should be viewed as a reminder to review and update security practices governing sensitive customer information. Scammers’ methods of attack wherein customers’ sensitive personal information is compromised are constantly changing, and it is important for businesses to ensure their policies and practices are up-to-date.

©2022 MICHAEL BEST & FRIEDRICH LLPNational Law Review, Volume VII, Number 68

About this Author

intellectual property, litigator, Albert Bianchi, Michael Best, Madison law firm

A.J. focuses his litigation practice on intellectual property and federal court matters, including disputes over evolving patent, trademark and copyright infringement, contract disputes, and class actions. He also litigates cases in Wisconsin, Illinois, and Minnesota state courts, with his past experience including jury trials in both Wisconsin and Minnesota.

Michelle L. Dama, Attorney, Litigation, Michael Best Law Firm

Corporate clients turn to Michelle for her experience litigating commercial and intellectual property disputes, among other matters. Michelle also serves as a member of the firm’s Class Action/Multidistrict Litigation team. She tries cases in both federal and state courts at  the trial and appellate levels.

Michelle assists a diverse group of clients, many of them long-standing, in the following areas:

  • Complex commercial disputes
  • Intellectual property and trademark litigation
  • Product liability actions
  • Consumer law,...