Tips for Protecting Yourself and Your Business From Scams
With October being Cybersecurity Month, we want to answer questions about some of the latest scams as well as how to spot and guard against well-known threats.
Q: What Is Quishing?
A: Quishing is a new and sophisticated phishing threat that researchers have recently detected. It involves using a QR code, whose popularity has risen in recent years. Victims are tricked into scanning this code. When they do, they are routed to a fake website where cybercriminals can fool them into providing sensitive personal or financial information. By embedding a malicious QR code in an email, fraudsters bypass traditional defenses. In addition, sometimes scammers place a malicious QR code sticker over a legitimate one.
To help prevent yourself from being harmed by quishing:
- Be cautious about scanning a QR code from an unknown or untrusted source such as a random flyer or unsolicited email.
- Check that the QR code is not a sticker placed over another QR code.
- Use a QR code scanner that has security features such as verifying the URL before opening it.
- After scanning, but before proceeding, check the URL to make sure it leads to the website it claims to lead to. The URL should start with “https” and belong to a website you trust. Look out for misspellings or other irregularities.
- Be cautious if the QR code asks for personal information, login credentials or payment. Legitimate businesses rarely ask for sensitive information via QR codes.
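The URL checks in the list above, written out as a small Python function that inspects a URL decoded from a QR code before anything opens it. This is an added example, not part of the original article; the trusted host names are placeholders, and the two-character misspelling threshold is an assumption.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: hosts the user already trusts; the example.com names are placeholders.
TRUSTED_HOSTS = {"example.com", "pay.example.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of trusted hosts."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_qr_url(url, trusted=TRUSTED_HOSTS):
    """Return warnings for a URL decoded from a QR code; an empty list means it passed."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if parts.username or parts.password:
        warnings.append("text before '@' can disguise the real host")
    if not host:
        return warnings + ["no host"]
    if is_ip_literal(host):
        warnings.append("raw IP address instead of a domain name")
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        warnings.append("internationalized name that may imitate Latin letters")
    if host not in trusted:
        # A host within two edits of a trusted one is treated as a misspelling.
        near = [t for t in sorted(trusted) if 0 < edit_distance(host, t) <= 2]
        warnings.append(f"looks like {near[0]} but is misspelled" if near
                        else "host is not on the trusted list")
    return warnings
```

Calling `check_qr_url("https://examp1e.com/login")` returns one warning naming `example.com` as the host being imitated, while the correctly spelled trusted host returns an empty list.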
Q: What Scams Should I Be Aware of as a Business Owner?
A: According to the FBI, business email compromise, or BEC, is one of the most financially damaging online crimes. Here’s how it works: hackers send an email that appears to come from a known source, such as the company CFO or a vendor you regularly deal with, making a legitimate request. The intent is to trick your company into transferring money or confidential data.
To protect yourself from business-related scams:
- Train your staff to recognize phishing attempts and suspicious emails and regularly update them on new scam tactics.
- Always verify requests for fund transfers or sensitive information, especially if they come from senior executives or external partners. Call the person to confirm they sent an email requesting a money transfer. Do not use the phone number provided in the email; use previously known contact details.
- Implement a multi-person approval process for transactions to add another layer of security.
- Configure multi-factor authentication for email accounts.
- Regularly audit your financial accounts and transactions. If you find any discrepancies, investigate immediately.
Q: What Should I Do Before Downloading Apps to My Phone?
A: Here are some tips to follow before downloading an app:
- Before you download any app, verify its authenticity. To do that, make sure it has at least 100 reviews and several thousand downloads before you install it. And read the reviews, as reviewers typically warn others if the app is malware.
- Stick to downloading apps from official app stores like Google Play for Android and the App Store for iOS. These platforms have security measures in place to vet apps.
- Before installing an app, review the permissions it requests. Be skeptical if an app asks for permissions that don’t seem necessary for its functionality.
- Use your phone’s settings to limit app permissions wherever possible.
- Avoid downloading apps from third-party websites, as these are not vetted for security.
This document is for informational use only. The information contained herein is not intended to be personal technology or cybersecurity advice. Nothing herein should be relied upon as such. There is no guarantee that any claims made will come to pass. The information contained herein has been obtained from sources believed to be reliable, but Mariner Wealth Advisors does not warrant the accuracy of the information. Consult an information technology or cybersecurity professional for specific information related to your own situation.