Before adding and sharing your Fraud Alert please check to see if a similar alert has already been posted, thank you:

Holidays bring phishing scam surge aimed at small business

Post a Fraud Alert:

– The e-mail looked legitimate, so Danielle Radin clicked on the link it contained, expecting to have her products included in a holiday gift guide.

“I instantly regretted it,” says Radin, owner of Mantra Magnets, a website that sells wellness products. “It took me to some random website that looked like those pop-ups telling you that you’ve won the lottery.”

Within days of that click three weeks ago, Radin began getting notifications that people in Ecuador, China and elsewhere were trying to access her e-mail account. She wasn’t surprised; she knew her San Diego-based small business had been the target of a phishing scam.

While cybercriminals strike at any time of the year, they’re particularly active during the holiday and income-tax filing seasons when computer users expect to see more e-mails — and scammers are increasingly targeting individual small businesses with phishing scams, sending messages that look legitimate but do harm instead. An unsuspecting owner or employee clicks on a link or attachment and like Radin finds that malicious software has invaded their PCs.

Cybersecurity experts find that criminals who used to blanket thousands of computer users in hopes of fooling a handful have refined their methods. Scammers find small businesses through websites and social media sites and by combing e-mail address books. They also mine personal data from breaches at retailers and other large companies. Then, using a process called social engineering, they construct e-mails that increasingly look realistic, as if they come from a boss, colleague, friend, potential client or vendor, a bank or even the IRS.

“In the last year or two they’ve been running more professional campaigns,” says Perry Toone, owner of Thexyz, an e-mail service provider based in Toronto. “It can take a couple of minutes for me to determine that they’re phishing scams. That tells me they’re doing a very good job.”