Tag Archives: cybersecurity

Free Cybersecurity Training for VT Small Businesses

Posted on by

The Consumer Assistance Program of the Vermont Attorney General’s Office is hosting the Cybersecurity for Small Businesses Training, a free webinar about protecting your small business from data breaches, scams, and cyber-attacks. Representatives from the Vermont Attorney General’s Office will be joined by Microsoft on September 29th from 9:30-10:30 for a free virtual presentation on cybersecurity for small businesses.

This presentation will feature Vermont Assistant Attorney General Sarah L. J. Aceves from the Consumer Protection Division and will discuss the ways in which businesses can protect themselves from scams and respond to a data breach. Microsoft Suite users can stay on for an additional presentation by a Microsoft training expert, who will discuss the application of cybersecurity features within the platform. Vermont small businesses are invited to join us for this informative and interactive presentation.

Event: Cybersecurity for Small Businesses Training

Hosted by: Emily McDonnell, Small Business Advocate of the Vermont Consumer Assistance Program of the Vermont Attorney General’s Office

Presenters: Sarah L.J. Aceves, Vermont Assistant Attorney General
Jessica Harrison, Microsoft Training Manager

Date: Thursday, September 29, 2022

Time: 9:30 AM – 10:30 AM (Eastern Time)

Location: Online webinar

Cost: Free

Register: Click here for the webinar registration

Businesses can preview guidance as to what to do in the event of a security breach on the Vermont Attorney General’s website: VT Security Breach Notice Act Guidance. For more information on this webinar or resources for small businesses, contact Emily McDonnell, Small Business Advocate at AGO.SmallBusiness@vermont.gov.

Our office works to promote a private-public partnership to inform Vermont small businesses. Our goal is to give businesses the resources they need to comply with the expectations of commerce. Please understand our office is unable to provide legal advice and we do not endorse any specific business.

Vermont Business Imposter Email Scams Are on the Rise

Posted on by

BURLINGTON – The Attorney General’s Consumer Assistance Program (CAP) is warning Vermont business owners, non-profits, and employees about an uptick in business imposter email scams. In the last two months, CAP has received five reports of business imposter email scams resulting in a total loss of $210,799. Scammers are impersonating employees or familiar business representatives’ emails and contacting company bookkeepers and office administrators asking them to change bank account information, direct deposit information, or asking them to write checks. By impersonating an employee’s email address or creating a fake personal email for the employee, scammers can steal money from businesses and steal paychecks from employees.

$210,799 Business Imposter Loss in Vermont in July and August 2022
Business Imposter Loss – Vermont – July and August 2022

            Vermont businesses and non-profits should always verify email addresses and speak directly with an employee or business representative in person or via phone when sending money or changing payment information. Oftentimes, scammers will use an email address that only slightly varies from an employee’s true email. Be wary of any email coming from outside your company’s domain. CAP urges business owners to educate their entire company on scams that target businesses.

              Here are ways in which businesses and non-profits can better protect themselves and their employees from scams:

  1. Cybersecurity assessment: check internal controls and resolve vulnerabilities.
  2. Train staff regularly in cybersecurity and funds management protocols.
  3. Enlist internal protocols to verify the transfer of funds by engaging multiple staff members and voice verification, using trusted contact information.
  4. Help clientele identify common scams within the industry.
  5. The SLOW method can serve as a helpful starting point, encouraging parties to take their time during urgent transactions and connect with a trusted party like CAP.
  6. Never send money to parties you cannot verify.

            To learn more about how to protect your business from these scams, watch CAP’s Avoiding the Business Imposter Email Scam Video and review the steps to verify at https://ago.vermont.gov/cap/business-imposter/.

Avoiding the Business Imposter Email Scam

            If you or someone you know has lost money to this scam, contact law enforcement and report the scam to CAP online or call 1-800-649-2424 and speak to our Small Business Advocate.

Introducing: Business Imposter Email Scam Prevention Videos

Posted on by

By Crystal Baldwin 

Businesses get scammed by imposters, too. This notion was news to me when my office received our first business imposter email scam report about five years ago. A small law firm had transferred $30,000 as directed to do so in an email. In yet another scam involving a real estate law office, it was more than $100,000 of the seller’s money that had been unwittingly transferred to a scam account. 

:30 – Avoiding the Business Imposter Email Scam. Hear the whole story at ago.vermont.gov/cap/business-imposter

We’ve heard from a retailer, who was in the process of completing their annual supply order: a container of supplies for the holiday season, with their supplier in Hong Kong. The Hong Kong supplier’s email was hacked, and the Vermont small business responded to a valid email address of the supplier to provide updated account information—to a scammer. Charities and small membership organizations have been subjects of this scam as well. 

Recently, we heard from a nurse, who, with kind intentions to appreciate fellow frontline workers purchased gift cards as suggested by their supervisor in an email, was responding to a business imposter email scam. 

In each of these scams, the personnel involved were simply following standard operating procedure: you get an email from a figure of authority to complete a financial transaction, and you do. It is easy to assume that this kind of scam won’t happen to you or your business, but with ever-evolving technology and growing capability of scammers to deceive, it is becoming more important for businesses to be on the lookout for and arm against scams.  

:60 – Avoiding the Business Imposter Email Scam video. Hear the whole story at ago.vermont.gov/cap/business-imposter

Whether an email system is hacked and the scammer takes control to send out the transfer request, or a scammer creates a fake account email with all the boss’ credentials, these emails appear as though they are coming from a legitimate source within the business.  

  • Often, when using mobile email services, only the email sender’s name is plainly visible, rather than the entire email address. So, if the email address is “yourboss@yahoo.com,” you don’t see the Yahoo account extension unless you click on the email.   
  • Another tactic scammers use is copying the signature block of the person of authority. Scammers can easily copy signature blocks used in external out-of-office autoreply messages by receiving a reply message that includes the signature block. All the scammer had to do was send an email to get the autoreply with the signature block.  

There are countless ways in which scammers can infiltrate business systems. Businesses can never be too cautious in protecting themselves and their customers from scams. In an effort to help businesses prevent scams from derailing operations, we produced the Avoiding the Business Imposter Email Scam videos and toolkit, which includes scam warnings and actual steps that businesses can take to verify funds transfer requests.  

Avoiding the Business Imposter Email Scam video. Learn more at ago.vermont.gov/cap/business-imposter

Learn more at ago.vermont.gov/cap/business-imposter 

Get more information for businesses from the Consumer Assistance Program

Report Scams:  

If you or someone you know has encountered a scam in Vermont, report it. Use the Consumer Assistance Program’s online scam reporting form. 

Help us stop these scams by sharing this information with your colleagues and business personnel.