Most people are familiar with how a basic phishing scam works: links or attachments in emails or messages from scammers can download malware onto your devices that allow them access to your personal information. Recently, Better Business Bureau released a warning about a new twist on phishing scams, one that specifically targets small business owners.
Scammers are sending virus-infected emails disguised as Requests for Proposals (RFPs), which local entrepreneurs know are good ways to win new clients and contracts. Naturally, an email that looks like an RFP will catch their eye. There are a couple versions of this scam. Sometimes there is an official-looking PDF attachment that, when opened, downloads malware. Other times, a link in the email takes the business owner to a fake form that asks them to fill out personal and banking information, under the guise of needing payment information.
Texans should especially be aware of RFP scams. According to the Small Business Administration, more than 98% of all business across the state are small businesses. Currently, 200 phishing scams have been reported to BBB Scam Tracker from across Texas, with financial losses ranging from $35 to $3,000.
BBB serving the Heart of Texas suggests the following tips to protect yourself and your business from RFP scams:
• Call the contact. If you aren’t sure if an RFP is real, reach out to the provided contact to confirm. If they don’t answer or refuse to speak to you over the phone, that’s a huge red flag. Scammers often hide behind being out of the country.
• Get outside confirmation. Scammers often pose as government agencies or use real company names. If this is the case, go to the agency or company website to see if the RFP is posted there. If they don’t list RFPs online, call the office to confirm. Don’t use a link or phone number provided in the potentially fake email.
• Be cautious of generic RFPs. Scammers try to cast a wide net by including few details and generic information in their RFPs.
• Don’t believe what you see. Just because an email looks real doesn’t mean it necessarily is. Scammers can fake anything from the logo to the email address.
• Don’t open attachments. This is good advice for any kind of phishing scam; if you have any suspicion about the message you received, or you don’t know the sender, do not open pictures, links or any other kind of attachment.
• Report it. Reporting scams can help authorities fight against fraud and can help other consumers protect themselves.