How Retailers Can Safely Navigate Phishing Scams with Confidence

The digital space has completely changed the game for retailers. 

With the rise of eCommerce and the importance of social media, businesses have no choice but to be connected and available for their customers everywhere.

However, just like individuals, businesses are prone to phishing scams.

And it happens to the best of us – having encountered phishing attempts ourselves, we wanted to provide you with some proactive measures.

What is a phishing scam?

A phishing scam refers to a malicious attempt to steal an individual's or business's login credentials or any private information.

Phishing scams can happen through email, phone call, text message, social media, and many other creative ways. 

Just as you can't control who tries to break into your home, it's important to remember that we're all susceptible to phishing scams.

Being vigilant and informed is the best defense against these digital threats. 

In this post, we will cover tips on how to make your digital home more secure.

Phishing Due Diligence: First Contact

The first time you open a line of communication with a customer, they grant you a form of consent.

Whether it’s via email marketing, a webchat interaction, a direct message on social media or a conversation that follows after texting their receipt, they have been able to make an educated decision on sharing their personal information with you. 

Your customers have the ability to verify the legitimacy of your business by looking up your email on your website, finding your phone number or checking out your social media account before making those interactions. 

But, how can you verify the legitimacy of a new customer?

Generally speaking, most interactions won’t be a phishing attempt, but here are 3 rules of thumb to follow, especially when you are dealing with a new customer:

#1 Do not share or give any personal or business information

Personal or business information can include: financial information, login credentials, or internal documentation. 

You should also actively discourage employees from ever sharing their personal information, such as their phone number, email address, etc.

#2 Do not react to an “urgent” matter

Be wary of anything that requires your attention ‘urgently’. This is often used as a method to create fear and get you to react without thinking.

#3 Tailor a security checklist unique to your business

There are many ways you can minimize the chances of falling for a phishing attempt. 

Whether it’s using tools like Stripe Radar or adding a couple of steps before customers can purchase high-ticket items, it’s important to address vulnerabilities that are unique to your business.

Phishing Due Diligence: High Ticket Items

For retailers dealing with high-ticket items, creating a workflow to mitigate risk should be a top priority. Here are a few things you can do: 

  • Require merchandise above a certain amount to be shipped in-store only. This way you can validate the buyer’s ID in person.

This is a little different from requiring ID at the door when you ship the item to the customer. Requiring ID in-store allows you to verify the method of payment before giving the merchandise to the customer, whereas requiring ID at the door is solely for the purpose of ensuring the merchandise is dropped off to the right person.

  • Create a rule in your Stripe profile to only allow shipment to Stripe validated addresses.

  • Leverage Stripe Radar and get specific with what you accept. For example, you can block transactions from a card with a prior dispute in the last year.

You can get very specific with your Stripe Radar rules. This page provided by Stripe can give you creative ideas on what can work best for your business.

The last and most important piece of the puzzle when dealing with high-value merchandise is to ensure employees are trained on all workflows.

With time, recognizing suspicious activity will become second nature.

The Importance of Your Business Phone Number

As mentioned, phishing scams can take many shapes and forms. Your phone number, just like your email, is a form of identification for your business.

There are two methods of communication with your phone number: a phone call or a text message. In both cases, it's important to understand the value of your business phone number.

How to Choose the Right Phone Number

Chances are that if you are reading this, then you are a business owner and you already have a phone number. 

You might be considering text-enabling your business phone number (yes, you can text-enable a landline number), but before making that decision, let’s cover some basics.

Choosing the right phone number to text from is one of the most important decisions you will make.

We highly recommend using the business phone number that you are already operating with, and if you need a new one, Ikeono can provide one for you. 

Can any and all phone numbers be text-enabled? 

No. 

Mobile phone numbers and phone numbers from these carriers cannot be text-enabled: Verizon Wireless, Verizon OneTalk, AT&T Wireless, T-Mobile, and Google Voice.

This leaves us with another question…

Should You Use a Different Phone Number for Texting?

If the business phone number that you have today cannot be text-enabled, you can use a different phone number for business text messaging.

But, you might want to consider porting over your number to a carrier that allows your business phone number to be text enabled, especially if you have been in business for a long time and have built a digital and physical presence with this phone number.

Short Codes vs. Your Business Phone Number

When it comes to business text messaging, one of the first things that comes to mind is short codes.

What are short codes and how do they compare to a 10-digit business phone number?

Short codes are generally 5 or 6 digits in length and are technically meant to be easily remembered. 

You might recall watching a show on the television where you can vote by texting 55555. 

Those days are gone and it’s mostly companies like Amazon that use these types of short codes, and the messages are generally transactional. 

They mostly pertain to shipping confirmations, and other messages that can be automated and often (intentionally) read in a robotic tone.

Using your business phone number puts you in a completely different camp. 

Instead of having a transactional conversation with your customers, conversational text messaging allows you to go beyond and build long lasting relationships with your customers. 

Using your own business phone number is not only enabling you to connect with customers in a whole new way, it is also an important security measure.

Two-Factor Authentication (2FA)

This brings us to two-factor authentication (2FA), which is one of the best security measures to always enable on any new account you sign up for. 

Yes, at times it can be a nuisance, but it is truly one of the best ways to protect your business from phishing attacks, because it is very unlikely that two different pieces of information can be compromised simultaneously.

For example, if your login credential is compromised and you have 2FA enabled, then it’s unlikely that the perpetrator also has access to your phone to perform the second step in the verification process.

Yet another scenario that highlights the importance of your business phone number is to prevent employees from using their personal phone numbers when creating new accounts. 

This usually happens when your business phone number is not text-enabled. 

Again, this presents a range of issues, such as potential security breaches since you don’t have control over the employee’s phone and a loss of access to the account if the employee leaves the business. 

 

PRO TIP: Should employees use their personal phone number for business?

You should be actively discouraging your employees from using their personal phone number to conduct business on your behalf. 

Not only can this be a major security breach for your customers, since personal information can now live on your employees’ phones, but you also lose access to records of those conversations and you can never be sure if the employee is doing work for your customers outside of your business. 

 

Trust Your Intuition

As the old adage goes, the best defense is a good offense, but often your gut feeling about a situation is your greatest asset.

Whether it’s a suspicious email, or a brand new customer that wants to buy your entire store, if something seems off or too good to be true, it's likely a phishing attempt. 

Remember to encourage your staff to pause, assess, and verify before clicking on any links or providing sensitive information. Being informed with a dash of trust in your intuition is the perfect recipe for protecting yourself and your business against phishing scams.

Parnia Alborzi

Parnia is a writer and web designer from Montréal, Canada. After years in the point of sale and eCommerce industry, she runs a creative studio to help passionate business owners curate and tailor their online presence with memorable designs and clear messaging.

https://saffroninkstudio.com