No Phishing Zone: How To Spot Scams Targeting Restaurants

The internet can be an excellent tool, providing valuable information, access to social platforms, and convenient meal ordering. But the internet can also be used for nefarious purposes, such as targeting unsuspecting restaurants by phone and email. 

According to the attorney general of Texas, “Phishing is a scam in which the scammer poses as a legitimate, trusted source, in order to trick you into providing sensitive data.” The FBI reported that in 2019 nearly $57 million was lost due to phishing schemes.

Phishing scams are becoming more common, as fraudsters with access to new technologies can fool even internet-savvy users. “It’s often difficult to distinguish which ones are legitimate,” explained Daniel Cuellar, a data entry and design manager at Menufy. However, do not let this trend make you fearful of utilizing the internet.

Most phishing attempts have similar characteristics. Protect your restaurant from potential risks by learning how to recognize possible scams.

Common Phishing Characteristics


1. Inconsistencies

A restaurant manager may receive an enormous number of emails every day. As you weed through your inbox, be sure to check the authenticity of any suspicious email before responding.

An easy way to do this is by examining the sender’s address. For example, does the email address match the organization or business mentioned in the message? Fake emails may use strange addresses containing unprofessional themes or random characters and numbers.

Your restaurant probably fields numerous phone calls from vendors, customers, and other service providers. How can you be sure the calls you are receiving are legitimate and not "vishing," fraudulent voice messages?

Here's one example. Let's say that a server answers a call from the utility company that seems suspicious. A fast way to check for authenticity is by using a search engine to look up the number. If the phone number is legitimate, it will appear in the results alongside the organization in question. 

2. Grammatically Incorrect

Bad grammar and spelling mistakes are a possible sign of a phishing attempt. Unlike verified agencies or vendors, scammers won’t necessarily utilize professional editing applications or even spellcheck. Risky emails can also have strange formatting, lacking punctuation and paragraphs.

Cuellar interacts with restaurant owners and managers daily and has experienced phishing scams firsthand. “Recently, some Menufy restaurant partners have received emails accusing them of copyright infringement for allegedly using copyrighted images without permission,” Cuellar explained. These copyright notices are not credible. If you receive a message like this, we recommend that you do not click on any links contained in the email.

This message lacks paragraph formatting, a potentially suspicious sign of phishing.

This message lacks paragraph formatting, a potentially suspicious sign of phishing.

3. Urgent!!! 

Many scammers use demanding language to scare recipients into action. Frequently, fraudulent emails or calls will threaten legal action or other negative consequences if immediate action is not taken.

Senior software engineer, Dan Long, has encountered numerous reports of phishing in his career with Menufy. “I’ve seen a lot of emails that claim a user has been charged for something they didn’t purchase, and to “remedy” the issue they need to contact someone using the info provided in the email.”

This method is a scare tactic meant to panic individuals into acting without taking the time to verify the message’s validity.

 
Scammers will send official-looking domain renewal notices in an attempt to solicit payment.

Scammers will send official-looking domain renewal notices in an attempt to solicit payment.

 


4. Links and Info Requests

Internet scammers will often tempt users into clicking on malicious links or attachments, disguising them as reputable. Any email containing a link should be treated with caution, even if you think you recognize the sender. 

Restaurants have reported receiving catering order requests via email that look legitimate but instead contain malicious links. 

 
Avoid fake and phishy orders by using a verified online order provider, such as Menufy. (Photo courtesy of MORPHISEC)

Avoid fake and phishy orders by using a verified online order provider, such as Menufy.
(Photo courtesy of MORPHISEC)

 

Online phishers also use emails and phone calls to trick individuals into disclosing login credentials and payment information. They can forge login pages and company branding so that they look similar to those of a trusted vendor. 

“If you’re not sure about the email and want to contact the company about it, do NOT click any links in the email or use any information provided in the email,” insisted Long.

Solutions

1. Use Your Intuition

No credible caller or emailer will use demanding language, ask for sensitive personal or business information, or try to gain access to login credentials. If something seems suspicious, trust your instincts.

2. Inform The Staff

While a manager will most likely be responding to emails, they won’t always be answering phone calls. Educate the entire staff about what vishing scams are and how to spot them. It may be helpful to create a set of best practices for answering incoming calls, specifically highlighting policies for disclosing sensitive information.

3. Verify, Verify, Verify

Weed out suspicious callers by asking every caller for their name and contact information. Anyone who is calling your restaurant for a legitimate reason will understand and willingly provide this information.

If you’re suspicious of call or email, visit the companies website. “Search for a way to contact their support team, and inquire about the email you received,” suggested Long.

4. Protect Your Information

If an unverified contact is requesting important information, do not provide it. Always be wary, even if you believe you are corresponding with a trusted acquaintance.

If a verified individual legitimately requires business information, provide it in person or over the phone whenever possible. Most of all, never provide computer access or login credentials to anyone unknown to your business.

5. Don’t Click or Download

“I think the main takeaways are that the fraudulent ones say to download something,” Cuellar noted. If the sender is not known, do not open any links or attachments until reaching out to the IT department or verifying the sender.

6. Trust your Vendors

Relying on customers to email or call in their orders could increase the chance of phishing scams. Using a secure online ordering platform such as Menufy minimizes the risk of fraudulent food orders.

How To Report Phishing

If your restaurant has received a phishing email considering reporting it to the Anti-Phishing Working Group at reportphishing@apwg.org. You can help prevent future scams by providing details from your experience.

Another option is to report the phishing attempt directly to the Federal Trade Commission at ReportFraud.ftc.gov.

Final Word

It is vital to remain vigilant to the potential dangers of these internet fraudsters. Scammers are constantly creating new ways to use email and phone calls to convince you to provide personal information. 

Help protect the sensitive information of your business by engaging your employees in awareness training.

If you are suspicious of a notice you have received containing Menufy branding, please contact our support team at support@menufy.com or by phone at (913) 738-9399.


Melissa bio pic.png

ABOUT THE AUTHOR

Melissa Dimmitt, Marketing Communications Coordinator

Melissa began her digital marketing career nearly a decade ago at a restaurant group. She worked with restaurant managers and executive chefs while coordinating seasonal menu releases, executing photoshoots, and creating fresh digital content.