Phishing attack targets merchant accounts

Phishing attack targets merchant accounts

Phishing attacks against individuals are certainly not unheard of, but a new phishing scam against merchant account processor Global Payments ups the ante when it comes to stealing account information. Thieves know that business owners are more likely to have significant cash in their accounts than the average individual, and they are targeting larger prey in hopes of better rewards.

The ins and outs of the phishing scam
According to PCWorld, this phishing scam isn't much different from any other. Merchants receive an e-mail advising them that their accounts have been frozen, locked, or otherwise limited because of suspicious or fraudulent activity. They are instructed in the e-mail to click on a link, which purportedly takes them to the Global Payments login page so they can address the issue.

The link, of course, is fraudulent, though it looks exactly like the Global Payments web site. Merchant account holders enter their username and password information just like they normally would, and once they submit that information, the scammers have it.

Of course, merchant account phishing is not limited to Global Payments. For years, customers with business accounts at PayPal have reported phishing attempts, both successful and unsuccessful, against their accounts. Since PayPal processes credit card transactions, they are a prime target for these types of scams.

Any merchant account owner, using any service, is a potential victim of this scam. It is important to understand how phishing works and how to recognize it if someone attempts it on your account.

Preventing phishing
Businesses are particularly vulnerable to phishing attempts because different employees might have access to the account. If a new employee with less experience were to receive an e-mail like the one described above, what are the chances he would panic and provide the account information?

This is why business owners must educate their employees about merchant account phishing. If everyone follows a few simple guidelines, your credit card processing accounts will remain safe.

Don't click links. If you receive an e-mail from your merchant account provider advising you that about suspicious activity, don't click any links. Instead, open a new browser window and type the URL of the merchant account web site directly. Then you can access your account and find out whether the e-mail was fraudulent.

Make first contact. E-mail is not the only medium for merchant account phishing. If you receive a phone call, fax, or other communication, don't give out any sensitive information. Instead, hang up the phone or put aside the correspondence and call the provider personally. This way, you know you are speaking with an authorized representative.

Limit access. Don't give all employees access to credit card processing information or merchant account passwords. Instead, limit this information to a few trusted employees whose backgrounds have been thoroughly checked. This reduces the potential for errors in judgment.

Article by Steve Thompson

Published: December 13,2023