Phishing Scams: Can They Be Avoided?
76 percent of organizations have suffered phishing attacks. – Wombat 2017 State of Phish
“Go fish” just got a whole new meaning.
Phishing scams are getting harder to detect. Pronounced “fishing,” phishing is a way for hackers to get you to turn over passwords, sensitive company data, and bank account information. Usually, it comes in an email, but it can also come through a web link. Hackers copy the logos and email templates of banks and payment services like PayPal so that their messages look like real emails. That’s why they’re so hard to detect!
Hackers are master counterfeiters. A couple of years ago there was a phishing scam that looked like it came from the Federal Trade Commission (FTC). Of course, this made its rounds in the world of small business.
What makes small businesses more vulnerable? Hackers are working under the assumption that you don’t have a dedicated IT professional or team. Or even if you do, there’s a substantial chance that you don’t have the proper online security. They use that against you.
Educate your Team
Hackers don’t necessarily have to be web-masterminds. They often don’t have some state-of-the-art Internet knowledge. What they do well is trick you and your employees. Hackers usually aren't some person in a dark room with a hoodie hunched over their computer. They are more like Leonardo DiCaprio’s character in Catch Me If You Can: charming, outgoing, and excellent at conning you. Educating your employees on what to look for can go a long way in avoiding scams.
A Few Different Types of Phishing
- Traditional Phishing Attacks – Hackers present themselves as a bank or money service asking for your account information to “confirm” your account, or as a shipping provider asking you to click for “tracking” information.
- Spear Phishing – “Email from a friend” approach. The hacker presents themselves as an organization or person you know personally.
- Whaling – Targeting C-levels; emails look as if the CEO or regional director emailed you for “help.”
How to Avoid Phishing Scams
When training your employees on email safety, a checklist to keep at their desk might be helpful.
Here's a list of 5 ways to avoid phishing scams:
- Do not click on links, attachments or downloads without verifying the sender. A nice rule of thumb is not to download or click on anything that you weren’t expecting.
- Check the reputability of every sender by looking for clues. Mismatched or suspicious web addresses, and email addresses that are similar but not quite right, are dead giveaways of a scam.
- If the email isn’t directly addressed to you, delete it immediately. Greetings like “To Whom It May Concern” or “Valued Customer” may imply they don’t know who you are. These are all potential scams.
- If the email asks you for personal or company information, it’s a scam. NEVER enter personal information in an email, pop-up or web address. Legitimate companies will never ask you to do that.
- Any email that asks for money or claims you won a prize (especially if it's in the subject line) should be deleted and reported to your IT professional asap. This can be a bit tricky if you are in the accounting department. Always verify your records and communicate with your customers before sending or receiving
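The checklist above can also be run as a first-pass mail triage script. This is an added example, not part of the original post; the trusted-domain list, keyword patterns, 0.85 similarity threshold and the sample message are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your organization really deals with.
TRUSTED = {"paypal.com", "ftc.gov", "example-bank.com"}
GENERIC = re.compile(r"\b(to whom it may concern|valued customer)\b", re.I)
ASKS_INFO = re.compile(r"\b(password|account number|confirm your account)\b", re.I)
PRIZE = re.compile(r"\b(you('ve| have)? won|prize|wire transfer)\b", re.I)
# Captures (host in href, host shown as link text) for simple HTML anchors.
LINK = re.compile(r'<a\s+href="https?://([^/"]+)[^"]*"[^>]*>\s*(?:https?://)?([\w.-]+\.[a-z]{2,})', re.I)

def lookalike(domain):
    """Return the trusted domain this one is 'similar but not quite right' to."""
    for good in TRUSTED:
        if domain != good and SequenceMatcher(None, domain, good).ratio() >= 0.85:
            return good
    return None

def checklist(raw):
    """Apply the checklist to one raw, non-multipart message; return findings."""
    msg = message_from_string(raw)
    body, findings = msg.get_payload(), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    good = lookalike(domain)
    if good:
        findings.append(f"sender domain {domain} resembles {good}")
    if GENERIC.search(body):
        findings.append("generic greeting")
    if ASKS_INFO.search(body):
        findings.append("asks for personal or account information")
    if PRIZE.search(msg.get("Subject", "")):
        findings.append("money or prize in subject line")
    for href, shown in LINK.findall(body):
        if href.lower().removeprefix("www.") != shown.lower().removeprefix("www."):
            findings.append(f"link text shows {shown} but goes to {href}")
    return findings

# Constructed sample message, for illustration only.
SAMPLE = """From: "PayPal Support" <service@paypa1.com>
Subject: You have won a prize - confirm today

Dear Valued Customer,
Please confirm your account by entering your password at
<a href="http://login.example.net/verify">www.paypal.com</a>
"""

if __name__ == "__main__":
    print("\n".join(checklist(SAMPLE)))
```

A message that trips any of these checks should go to a person for review; an empty result does not mean the email is safe.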
Bonus Tip: Check Your Accounts
Check your online accounts frequently. Look for unauthorized transactions, especially ones for very low amounts. Sometimes hackers will test accounts by taking small amounts of money. They want to know how aware you are.
Build Your Defense
It’d be even better if phishing spam never even made it to your inbox. Ask your IT department about firewalls, anti-virus, content filtering, and anti-spam. Make sure any software you are currently running is up to date. Find out how often your security measures are updated - could it be more often? This is your simplest, yet most effective scam defense.
Mobile Devices & Bring Your Own Device (BYOD)
Mobile devices are often overlooked. We see them as an extension of ourselves. This creates blinders for the threats they can carry.
Most recently, in January of 2017, there was a Gmail scam that took people to a fake Google login page. Most of us check our email from our phones, which makes them a solid platform to launch all kinds of attacks from. Mix that with the fact that hackers know Androids open Chrome and iPhones open Safari, and they know exactly which browsers to mimic.
That being said, you should always use the same best practices on your phone as your computer. This includes anti-virus, challenging passwords and updating software. Yes, iPhone, anti-virus for you too.
Anyone can be a victim of a phishing scam. Unfortunately, your small business is especially vulnerable. Consult your IT professional on how to minimize these threats and educate your employees with best practices.
About Accent Computer Solutions
Accent Computer Solutions, Inc. is a managed IT services, cyber security, and IT support provider, serving businesses with 30-500 employees throughout Southern California. The company is headquartered in Rancho Cucamonga, California, with IT professionals strategically located throughout San Bernardino, Riverside, Los Angeles, and Orange Counties, as well as Arizona and Texas.