The Consumer Assistance Program of the Vermont Attorney General’s Office is hosting the Cybersecurity for Small Businesses Training, a free webinar about protecting your small business from data breaches, scams, and cyber-attacks. Representatives from the Vermont Attorney General’s Office will be joined by Microsoft on September 29th from 9:30-10:30 for a free virtual presentation on cybersecurity for small businesses.
This presentation will feature Vermont Assistant Attorney General Sarah L. J. Aceves from the Consumer Protection Division and will discuss the ways in which businesses can protect themselves from scams and respond to a data breach. Microsoft Suite users can stay on for an additional presentation by a Microsoft training expert, who will discuss the application of cybersecurity features within the platform. Vermont small businesses are invited to join us for this informative and interactive presentation.
Event: Cybersecurity for Small Businesses Training
Hosted by: Emily McDonnell, Small Business Advocate of the Vermont Consumer Assistance Program of the Vermont Attorney General’s Office
Presenters: Sarah L.J. Aceves, Vermont Assistant Attorney General Jessica Harrison, Microsoft Training Manager
Our office works to promote a private-public partnership to inform Vermont small businesses. Our goal is to give businesses the resources they need to comply with the expectations of commerce. Please understand our office is unable to provide legal advice and we do not endorse any specific business.
BURLINGTON – The Attorney General’s Consumer Assistance Program (CAP) is warning Vermont business owners, non-profits, and employees about an uptick in business imposter email scams. In the last two months, CAP has received five reports of business imposter email scams resulting in a total loss of $210,799. Scammers are impersonating employees or familiar business representatives’ emails and contacting company bookkeepers and office administrators asking them to change bank account information, direct deposit information, or asking them to write checks. By impersonating an employee’s email address or creating a fake personal email for the employee, scammers can steal money from businesses and steal paychecks from employees.
Vermont businesses and non-profits should always verify email addresses and speak directly with an employee or business representative in person or via phone when sending money or changing payment information. Oftentimes, scammers will use an email address that only slightly varies from an employee’s true email. Be wary of any email coming from outside your company’s domain. CAP urges business owners to educate their entire company on scams that target businesses.
Here are ways in which businesses and non-profits can better protect themselves and their employees from scams:
Cybersecurity assessment: check internal controls and resolve vulnerabilities.
Train staff regularly in cybersecurity and funds management protocols.
Enlist internal protocols to verify the transfer of funds by engaging multiple staff members and voice verification, using trusted contact information.
Help clientele identify common scams within the industry.
TheSLOW method can serve as a helpful starting point, encouraging parties to take their time during urgent transactions and connect with a trusted party like CAP.
Computer tech support scammers are imposters that immediately gain trust by using well-known company names like Norton, Microsoft, or Apple, or by expressing a desire to help fix a daunting problem. Ranking third among the scams with the highest dollar loss, $695,240, in Vermont in 2021, this scam is historically successful due to its ability to establish a sense of familiarity and legitimacy garnered by the scammer’s suggested affiliation with a company and their technical prowess.
In the computer tech support scam, you are contacted by phone, pop-up or email on your computer. The message spikes your anxiety and drives your response to be reactive. Tech scammers may claim, “There is a virus on your device,” “Your security subscription has been automatically renewed,” or “You have been charged for a year’s subscription of antivirus.” In the communication, a link or phone number is included, which you are urged to contact immediately to rectify the issue.
While in reaction mode, you call, hoping to resolve the issue. During the call, the scammer will try to persuade you to give remote access to your device to fix the problem, and sometimes will ask for immediate payment for their services. In scenarios where a refund is requested, they facilitate what appears to be a transfer of funds by walking you through steps to log into your own online bank account. Utilizing their program and ability to freely roam on your computer while they have remote access, they disguise the origin of the funds transfer, which is in actuality a transfer of funds between your own bank accounts.
Tech support scammers further escalate the call, using high tones of voice, demands of urgency, and call on your empathy to help solve a problem they created. The scammer’s tactics pull the recipient of the scam further into reaction mode. While in reaction mode, responses are based on impulse and with little additional collective data. Once a person has more information, through the process of asking questions and seeking out resources, the ability to think critically and problem-solve the issue comes back online.
For this scam and consumer transactions generally, you can apply the SLOW method to disrupt the unpredictable reaction response by substituting a planned response instead. At the onset of the first communication, start with SLOW as a strategy to help you take steps to verify.
S – Slow down – scammers pressure you to react urgently. Don’t! Instead, take a breath and find your calm by doing what is immediately natural to you.
L – Log the contact – write down the information of the email, or phone call. If they are on the phone, you can tell them you will call them back, even if you don’t intend to. Then, disengage.
O – One call – make one call to a primary contact, such as a friend or family member and discuss the incident. It works best if you have pre-established who this will be; someone you can trust no matter what. The contact is a sounding board, who will ask questions and help you get curious about the interaction. Some questions might include:
How do I know the contact is who they say they are? –What proof is there? Where can I verify their contact information that is not part of the communication I received? –Was my credit card charged? What other parties can I contact that might know more about this? How can I be sure this is not a scam?
W – Who cares? Contact another party or organization in your life who cares. The Consumer Assistance Program (CAP) can help you identify scams and report them: 1-800-649-2424 and ago.vermont.gov/cap
Know what to watch out for in computer tech scams, so you can avoid them:
Be wary of pop-ups and unexpected emails/phone calls.
Watch out for security warnings and account renewals.
Don’t trust contact information, like links, URLs and phone numbers provided in unexpected emails.
Never click on links or provide remote access to your computer from an unknown email or source.
If you received an email or pop-up message, you cannot click out of, don’t engage. Instead, shut down, restart, or unplug your device.
If you get a call from “tech support,” hang up.
Be careful when searching for tech support online. Some users have been scammed by calling illegitimate phone numbers listed on the internet.
In the age of the internet and free flowing technology scammers hope to capitalize at every turn. You can prevent scams by practicing SLOW in all your consumer transactions now—and commit to being a primary contact for others. Everyone can help stop scams by following a scam prevention plan and sharing scam knowledge with your community.
BURLINGTON – Attorney General T.J. Donovan is warning Vermonters about a new variation of the family emergency scam in which scammers are demanding that cash be handed over in person to a “courier.” By presenting a fake emergency in which their loved one needs help getting out of trouble, scammers pressure panicked family members, including grandparents, into acting before they can realize it’s a scam. Until recently, scammers took a hands-off approach in collecting money, demanding gift cards, wire transfers, or virtual payments. Now, the Attorney General’s Consumer Assistance Program (CAP) is receiving reports that scammers are enlisting “couriers” to collect cash directly from unsuspecting family members at their homes to resolve the fake emergency. Vermonters who receive these calls should resist the urge to act immediately and take steps to verify the caller’s identity.
While the family emergency scam has long plagued Vermonters, CAP is raising awareness about the spread of “couriers” coming to Vermonters’ homes to collect cash. CAP has received 216 reports of family emergency scams since the beginning of the year. In the last week, CAP has received 4 family emergency scam reports from Vermonters who were told that an individual or a “courier” would retrieve cash from them at their homes—3 of these scams resulted in monetary loss. Common elements of this scam include:
Claims of a “gag order” being in place which requires secrecy.
Cash is needed to pay for a “bond” or a “bail bond agent.”
A loved one was involved in a “car accident,” sometimes related to traveling for a COVID-19 test.
CAP has found that scammers are becoming more sophisticated in their contacts and appear to be using internet searches and public social media profiles to research the locations of family members. By searching telephone numbers and addresses on the internet and scanning popular social media sites, scammers can learn about familial relationships, ages, and geographic locations. Scammers then use this information to make the scam seem credible.
CAP advises Vermonters to slow down and follow a plan to not get scammed. Use the SLOW method in urgent situations:
S – SLOW DOWN. Scammers pressure you to act urgently. Take time to regain your calm.
L – LOG THE CONTACT. Write down the phone number of the contact and disengage.
O – ONE CALL. Make one call to a primary contact, such as a friend or family member, and discuss the incident.
W – WHO CARES? Call CAP to identify and report scams at 1-800-649-2424.
The Consumer Assistance Program (CAP) has received scam reports from Vermonters who have reported receiving calls from scammers claiming to be grandchildren or lawyers representing loved ones in an emergency and that money is needed.
When contacted by someone who asks for money, a gift card to be purchased, funds to be wired, or for any other financial transaction, take steps to verify the identity of your loved one in distress.
Slow down. The scammers urge you to act urgently; don’t.
Write down the phone number of the caller and hang up.
Call your grandchild or any other person who can verify their whereabouts and well-being.
Call another person in your life who cares about you.
Call CAP at 1-800-649-2424. We care and can help identify scams.
Even if you have not been contacted by this scam, now is a great time to connect with loved ones to create a scam action plan in preparation for the likely receipt of scam calls. Consider creating an uncommon family codeword or pin number that you agree to not publicize or share with others. Make a phone tree of reliable contacts to call if a scam like this is received. Learn more about family emergency scams on CAP’s website: ago.vermont.gov/family-imposter. Act now to prevent future loss.
Help CAP stop these scams by sharing this information with those you care about.
If you have lost money to this scam, contact the money transfer company right away! Report the scam to the Consumer Assistance Program at 1-800-649-2424.
For more information on the Attorney General’s efforts to support and protect older Vermonters, visit the webpage of the Attorney General’s Elder Protection Initiative.