Best Practices to Prevent Phishing Scams in Your Restaurant

Phishing scams are usually fraudulent emails made to look legitimate in order to trick you into giving away personal information. Phishing scams aimed at restaurants are often trying to gain access to your POS, which holds valuable customer information, including credit cards.

These scams may arrive by email, phone call or even social media. They often appear authentic, carry the logo or company information of a vendor that you work with, or even copy the name of someone that you have worked with. If your restaurant does suffer this type of attack, you could be faced with lost customer trust, negative PR and more.

So, how do you prevent this type of attack?

Talk to Your Team

Ensure everyone knows what phishing scams are and some common ways to spot them. It is also a best practice to institute a communication policy for providing sensitive information to outside sources.

Verify the Details

Verify the name and number of the person that you are talking to and call them back on a valid number. Anyone legitimate will understand that you have the right to call them back on a verified phone number (one that you can look up, which may not be the one that they provided to you).

Trust Your Instincts

If something seems suspicious, take the time to verify that the call is authentic. If someone uses threatening language, asks personal questions or is unprofessional, disconnect from the call and verify it to ensure you are protected.

Never Give Out Sensitive Information

Never provide any of the requested information. Never give out financial information or computer access to anyone that you are not certain about.

Don’t Open Suspicious Links in Emails

If you are not certain of the sender, do not open any links or attachments until you have reached out to your IT team or verified the sender.

It is common practice for these scammers to use social engineering to influence people’s behavior so that they are more likely to provide information. This includes knowing names and positions within your organization and using a coworker’s or boss’s name in an intimidating way, such as: “Your boss, John, said he’d fire you if you don’t get this installed today!”

Even if you already have proper IT security education in place at your restaurants, it doesn’t hurt to remind your staff that they should not accept inbound calls requesting POS access, even if an announcement has been made beforehand. At minimum, they can help protect themselves from this sort of attack by taking a name and phone number, then verifying that phone number against a website or trusted contact list before they call back.