Email phishing scams are an attempt to infiltrate your system and acquire your usernames, passwords, and sometimes even credit card details. The unfortunate news is that they’re pretty common — and the emails often look real. The good news is that there are some steps you can take to protect your business against them.
Here’s what to do:
Know the red flags.
Emails with a bunch of typos or grammatical mistakes, or that come from a weird-looking address, should raise some suspicion. Scare tactics and “better act now” types of messaging are also a red flag. As a general rule, don’t open or click links in emails with these characteristics.
Think twice before clicking or downloading.
If an email is coming from a source you don’t recognize, it’s best not to interact with anything it contains. That means no clicking links, downloading files, or opening attachments. Generally, you should only open email attachments if you are expecting them and know what information they will contain.
Guard your Social Security number and your financial information.
You should never give out your full Social Security number (SSN) or bank details over email. Be skeptical any time you’re asked to do this, as reputable sources will have you go through a secure portal. If you give your SSN over the phone, make sure you’re the one who initiated the call.
Verify all websites.
Before you enter your Social Security number or bank information into any website form, make sure it’s a trusted, verified site. When in doubt about a Square link, reach out to us for confirmation that the link is secure, or open a new browser and go directly to www.squareup.com/login.
Use different passwords for different accounts.
Strong passwords are key. But as iron-clad as your logins may be, you shouldn’t be using the same one for all email, bank, business, and other accounts, and it’s a good habit to change your passwords every so often.
Enable two-factor authentication.
Two-factor authentication is a security process that requires two methods of verification to log in to your account. Many web services and apps — like your Square Dashboard — will periodically send a text message with an additional code that you need to log in. To protect yourself against unwanted activity on your accounts, make sure you’re using two-factor authentication whenever available.
Choose your email provider wisely.
Some email services are a lot better at flagging phishing scams than others. Make sure the provider you’re using offers two-factor authentication, sophisticated spam and phishing filters, and a mechanism to alert you if phishing or spam is suspected.
If something seems phishy:
If you suspect you may have been the target of a phishing scam, check your email logs to see if there have been any strange logins to your account and log out all active sessions. Go through your bank account statements to make sure there is no odd activity and all your deposits are going to the right place. Then change all your passwords and enable two-factor authentication. If you have specific concerns about your Square account, contact us for further assistance.
6 Best Security Practices to Protect Your Business
How to Accept Chip Cards
How to Accept Apple Pay—And Why You Should