Cybercrime has become a huge, international industry. In the US alone, phishing scams cost businesses an estimated half a billion dollars per year!
Unfortunately, scammers are also getting more sophisticated. Yes, phishing emails may still be full of grammatical errors and sketchy-sounding downloads, but often they look and sound very much like a legitimate business email.
Here’s what to know to protect your business from phishing scams.
What is Phishing?
Phishing with a “ph” got its name from the sport of fishing: casting a line and pulling in a catch.
In the digital version, an email is the line and your information is the catch.
The best phishing scams are successful almost half of the time. Considering that thousands of attempts may be made, that’s quite a catch.
Even bigwigs like Colin Powell have fallen victim to such cybercrimes.
Targeting a celebrity, industry leader or government official is known as whaling. Targeting a specific company, such as through a spoofed email (which appears to come from a known or internal person), is known as spear phishing.
How to Spot a Fake
A fake email may appear to come from a familiar person, a link can resemble a legitimate website, and official logos may be stolen from a company and applied to a fake. So how do you spot a phony?
Here are some best practices in identifying phishing attempts:
- The message contains grammatical errors;
- The sender is requesting information you wouldn’t expect (such as login information or personal identification information);
- The sender is using an unusual communication channel, such as an email or phone call “from the IRS.” NOTE: The IRS initiates correspondence by written mail, not through email or phone calls, and has a number you can call to verify any information;
- The sender is sending an unsolicited/unexpected email attachment or external link;
- The sender’s displayed name does not match the actual email address the message came from.
When in doubt, most companies have a person who will verify information for you. Do not reply to the email; instead, start a new email or make a phone call to the person to verify the link or attachment.
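Three items from the checklist above can be checked automatically before a message reaches a reader: a displayed sender name that does not match the real address, a link whose visible text names a different site than the one it opens, and a request for login information. The following is an added example, not code from the original article; the sample message, its domains, the keyword list and the function name are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message: every name, address and domain here is made up.
SAMPLE = '''From: "payroll@example.com" <billing@examp1e-pay.test>
To: staff@example.com
Subject: Action required: confirm your account
Content-Type: text/html

<p>Your password expires today. Confirm your login at
<a href="http://login.examp1e-pay.test/reset">https://portal.example.com/reset</a></p>
'''

ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
SENSITIVE = ("password", "login", "social security")  # assumed keyword list

def phishing_signals(raw):
    """Return the checklist items that a raw email message trips."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    signals = []
    # The display name shows one address while the real sender is another.
    shown = ADDR_RE.search(name)
    if shown and shown.group(1).lower() != addr.rpartition("@")[2].lower():
        signals.append("display-name-mismatch")
    body = ""
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")
    # The link text shows one host, but the href points to another.
    for href, text in LINK_RE.findall(body):
        shown_host = urlparse(text.strip()).hostname
        if shown_host and shown_host != urlparse(href).hostname:
            signals.append("link-text-mismatch")
    # The message asks for information you would not expect to hand over.
    if any(word in body.lower() for word in SENSITIVE):
        signals.append("asks-for-credentials")
    return signals

if __name__ == "__main__":
    print(phishing_signals(SAMPLE))
```

A message that trips none of these checks can still be a phish, so the verification step described above still applies.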
The Best Protection
Other than spotting potentially fraudulent emails in the first place, the best protection against phishing scams comes down to a few internet best practices:
- Utilizing unique and complex passwords (never reuse between sites).
- Never clicking on anything unexpected/unverified.
- Never providing personal information, such as social security number or login information, to an unverified/unsolicited source.
- Keeping all software and applications up-to-date.
While some software updates are genuinely feature changes or upgrades, most will also include patches (fixes) for any flaws discovered since the last software update. Software companies devote tremendous resources to identifying and fixing bugs. Then, companies will often share with other software companies any useful information which could lead to patching their own software.
When a bug becomes known, companies generally have a short window of time in which to perform a patch and update. Exploits that occur before the software is updated are known as “zero-day exploits,” because attackers can use the flaw as a method of attack only until it becomes known and the software is updated.
Generally, once a bug becomes known and the software is updated, it can no longer be used as an attack method. Yet, as in the massive Equifax breach last year, a failure to update software can lead to a breach.
At SCS Cloud we value the safety and security of our clients’ businesses. That’s one reason we utilize NetSuite, a cloud-based computing solution with bank-level security.
Contact us to find out more.