Gone Phishing: Protect Your Business from Phishing Attacks
Turn on the television news and you’ll likely hear about malware, ransomware, and other cyberattacks that extort millions of dollars from international corporations, small businesses, schools, and individuals alike. We hear about these “breaches” at an alarming rate.
One of the fastest-growing types of cyberattacks is phishing. Some experts estimate that up to 83% of all cyber security incidents involve phishing—and that number is increasing, as is the sophistication of the phishing techniques.
So how can you protect yourself and your business from falling prey to these scammers? First, let’s look at what phishing is and how scammers get to us, then let’s talk about the ways to protect against it.
What is Phishing?
Phishing is a form of social engineering, a cyberattack that manipulates or “reels in” people into sharing sensitive information (e.g., account numbers, Social Security numbers, passwords) that hackers can use to steal money or create fake identities.
Phishing attacks are typically carried out through email, phone, text, and social media. Hackers pose as legitimate organizations and “bait” users into clicking links to malicious websites or revealing personal information. For example, a phisher may send an email that appears to come from your bank, telling you that there is a problem with your account and urging you to click a link to talk to a representative or to fix the issue. In fact, this type of attack is often referred to as “cloned phishing” as hackers try to duplicate or clone an actual email used by the bank in order to reel the user in.
Social Media Attacks
Another example of phishing scams that affect small businesses is social media attacks—also called “angler phishing.” Many small businesses rely on social media platforms to advertise and sell their products and services. Social media platforms like Facebook and Instagram are popular and inexpensive ways to market a small business. Unfortunately, they are also easy targets for hackers.
Angler phishing scams can include fake URLs, bogus profiles, or phony instant messages. For example, a user may receive a fake notification that there was a problem with one of their posts or an instant message request from known contacts. Once the user clicks on a malicious link, a hacker can take control of the user’s account and hold it for “ransom.” The user cannot access the account and must either pay the ransom to regain access or start all over again, losing the site they’ve built and the audience they have worked so hard to attract. It can cripple an entrepreneur and kill a business.
How to Protect Against Phishing
With phishing attacks becoming more frequent and phishing tactics becoming more sophisticated, it is crucial to guard against them. Nothing is foolproof, but there are things you can do to mitigate your risk. For example:
- Installing up-to-date security software and firewall protection is the first line of defense. Things like two-factor authentication and password management can go a long way in protecting against vulnerabilities.
- Since phishing baits the end user (a human being) to gain access to systems or sensitive information, training employees to spot phishing attacks can help prevent breaches. Awareness is key to avoiding a phisher’s bait. Some “warning signs” and best practices include:
  - Avoid posting personal details on social media (e.g., birthdays, addresses, phone numbers).
  - Look for odd or non-standard URLs and email addresses.
  - Look for misspellings, language differences, grammar mistakes, or things that catch your attention.
  - Only open attachments from trusted sources.
  - If you get an email about an account (e.g., bank account, utility account, subscription), don’t click through the email. Instead, verify the information by calling the organization or by going to the organization’s website and signing into your account as you typically do.
  - Never give account numbers, credit card information, or other sensitive data to unsolicited phone callers.
  - Never reveal personal information over email or in text messages.
Phishing attacks can severely damage or even kill a business. Even scarier, they are becoming more frequent and more sophisticated. If you’re not taking steps to prevent a phishing attack, you are leaving yourself and your business open and vulnerable.
Don’t get caught in a phisher’s net. Make sure you are protected with the latest software and prevention tools. Contact CloudG to get started.