5 Ways to Keep Customers and Your Business Safe from Phishing Attacks
One of the easiest and most successful scams perpetrated by hackers is to induce you to click on an email link that either installs malware on your computer or sends you to a website that looks legit (like Walmart, Amazon, or even your bank). Instead, it is set up to do one thing — steal your personal information. “But wait,” you say. “What kind of moron would fall for such an obvious ploy?” Well, we don’t have the exact numbers, but believe me, a lot do. A whole freakin’ lot. Let’s just say thousands every single day. That’s why phishing continues.
As a Small to Medium Enterprise (SME), you can’t afford not to be on guard for phishing attacks. You should train your employees to do the same. You owe it to yourself and to the customers who put their faith in you that their payment and other data is safe. Otherwise, you’ll continue to risk serious loss of funds and/or data and possibly your entire business. Here are our 5 Best Ways to Stay Safe from Phishing Attacks.
#1. Practice Extreme Suspicion
Phishing has been with us a long time, practically as long as the internet. If you’re not suspicious by now of links within an email, you should be. The bottom line here is to think twice before you click. Of course, there are plenty of legitimate email links in this world. The problem is we’re usually flying too fast through the day to stop and really think about what we click on. Seriously, these guys and gals that perpetrate phishing scams are neither the brightest nor the most creative minds in the universe. Just take a look at the kind of emails received.
The issue is when it’s sent to enough people, a small percentage of receivers will actually click on the link.
If you just take the time to stop and read a phishing email, it will likely fall apart under close scrutiny. Look for bad spelling and grammar, poorly made or unfamiliar graphics, and inducements to click that you know are suspicious. And keep the following in mind: the IRS will never ask for personal information via email; wealthy Nigerian princes are not your friend.
#2. Match the Source to Reality
In the early days of phishing, it was easier to tell that these kinds of emails were duplicitous. Hackers didn’t take the time to cloak or redirect their links, and anyone paying attention to the URL or actual email address would see it was a scam. But the latest permutation, known as spear phishing, takes the strategy of coming across as a particular person in a trusted organization or even someone you know, like mom.
This is when you have to put on your thinking hat and ask yourself a few questions. Would dear, old mom have any reason on God’s green earth to send me a link that asks for my banking information? Probably not. This is what we mean by matching source to reality. It’s no longer good enough to simply not click on an email from an unfamiliar source. Smart hackers have figured out how to use familiar sources. The good news is you know mom better than they do.
#3. Know the Latest Techniques
If you run a business, there’s no excuse for not being aware of the latest phishing scams. Trust us. Hackers are working on new ones all the time. Either you or your IT administrator must find a reliable tech security source and subscribe. It should go without saying — but we’ll say it anyway — regular, organized security training for employees is a must. All it takes is a single slip-up and suddenly you’re on the media radar as yet another company that can’t protect customer data. In case you were wondering, this is a bad way to build brand awareness.
#4. Prepare for Failure
A recent Gmail phishing scam was so clever that even seasoned IT professionals fell for it and, you guessed it, they clicked. The reality is that the numbers tell us someone in your organization will eventually click on a bad email. Before that happens, you need to have proper security countermeasures in place in order to minimize the damage. Here is a short list of standard cybersecurity precautions to already have in place:
- Install an anti-phishing toolbar in browsers
- Don’t submit data to an unsecured website (look for the ‘s’ at the end of “https”)
- Keep browsers updated
- Use antivirus software and firewalls at the desktop and network level
- Make it a policy to never give out personal information online
That last one might cause you to break out in hives. This doesn’t mean you can never buy another ebook. Your best strategy is to type in the Amazon URL yourself so you know you’re at the actual website. What we’re saying is to avoid entering personal or financial information after clicking on an email link.
A WordPress Note: Constituting nearly 30% of all websites, WordPress finds itself increasingly targeted by hackers of all varieties. Code weaknesses introduced by third-party plugins and themes make this popular CMS a hacker favorite. Familiarize yourself with the simple but critical steps needed to properly secure a WordPress website, as they differ somewhat from traditional HTML-based sites.
#5. Never, Ever Trust a Nigerian Prince
Perhaps the most (in)famous of the phishing scams, this one has been around for decades in various permutations. The latest claims a Nigerian astronaut has been stuck on the International Space Station for years. Of course, he’s been accruing back pay to the tune of $15 million. They need a place to park the money — like your checking account — and a small fee to facilitate the transaction and get this poor guy home for some R & R. Yes, it’s total BS, but people still fork over their banking information every day. Please, for the love of everything holy, promise us you’ll never click on a Nigerian email link. Read it. Enjoy it. Marvel at the creativity. Just don’t click it.
The Bottom Line
It should be noted that there is no single magic bullet solution to stop phishers from doing what they love to do. Your best bet is to put into place a security “net” that includes a comprehensive array of tools and techniques. The more hacker traps you can set, the better. This is a numbers game. Layers of barriers make it less likely a phisher will be successful in penetrating and achieving his or her ultimate nefarious goal, whatever that may be. As a final word of advice, always be ready for what’s coming next.
Anyone heard of vishing yet?