5 Best Practices to Prevent Phishing Scams in Restaurants

Criminals can use phishing, spam and other malicious email to gain access to restaurant customers' personal and financial information, as well as sensitive business information. Ctuit Software’s Vice President of IT, David Or, shares some best practices to protect restaurants and their customers from these types of scams.

Even if you already have proper IT security education in place with your restaurants, it doesn’t hurt to remind them that they should not accept inbound calls requesting POS access, even if an announcement has been made beforehand.

Phishing scams are usually fraudulent emails made to look legitimate in order to trick someone into giving away personal information. Phishing scams aimed at restaurants often try to gain access to the POS, which holds valuable customer information, including credit cards.

These scams may come in the form of an email, a phone call or even social media. They often appear authentic, carry the logo or company information of a vendor that the restaurant works with, and may even copy the name of someone from that company. If a restaurant does suffer this type of attack, it could face lost customer trust, negative PR and more.

So, how can restaurants prevent this type of attack?

1. Talk to team members
Ensure everyone knows what phishing scams are and some common ways to spot them. It is also a best practice for restaurants to institute a communication policy for providing sensitive information to outside sources.

2. Verify the caller
Verify the name and number of the person who is calling, and call them back on a valid number. Anyone legitimate will understand the right to return a call on a verified phone number (one that can be looked up, which may not match the one that was provided).

3. Gut instinct
If something seems suspicious, take the time to verify that the call is authentic. If someone uses threatening language, asks personal questions or is unprofessional, disconnect the call and verify it to ensure that the restaurant is protected.

4. Don’t give out sensitive information
Never provide any of the requested information to unverified contacts. Never give out financial information or computer access to anyone that is not a known entity.

5. Don’t open suspicious links in emails
If the sender is not known, do not open any links or attachments until reaching out to the IT department or verifying the sender.

It is common practice for these scammers to use social engineering to modify people’s behavior so that they are more likely to provide information. This includes knowing names and positions within the organization and utilizing a coworker or boss’s name in an intimidating way, such as “Your boss, John, said he’d fire you if you don’t get this installed today!”**

Even if there is already proper IT security education in place with restaurants, it doesn’t hurt to remind staff not to accept inbound calls requesting POS access, even if an announcement has been made beforehand. At minimum, staff members can help protect the restaurant from this sort of attack by taking a name and phone number, then verifying that phone number against a website or trusted contact list before calling back.

**Ctuit prides itself on customer service and professionalism. Ctuit team members will never use hostile language, threaten restaurant employees’ jobs, ask personal or financial questions or become enraged or unprofessional in communication. If a restaurant receives a call claiming to be from Ctuit and any of the above occur, the team member should disconnect from the caller immediately and reach out to Ctuit on a verified phone number or email address.

Contact Author

Megan McIntyre
Ctuit Software
+1 (415) 884-4888 Ext: 108