As the world reopens after COVID-19, online phishing attacks seem to be on the rise. Now that we are back at work and spending much more time on the office internet, email fraud is exploding and many small businesses are falling victim to it. Here's our short guide to simple things to remember to keep your small business safe from phishing attacks.
But What Are Phishing and Email Frauds?
Born around 1995, just 4 years after the first website appeared, phishing refers to the practice of using deceptive emails and websites to illegally obtain personal information from users. That information (usernames, passwords, credit card details) is later used to steal money or more information.
The word "phishing" itself is a combination of "fishing" and "phreaks," which is what hackers used to call themselves. Phishing is considered a form of social engineering, a term that in a web security context means manipulating people by falsely representing oneself.
How Can You Save Your Small Business From Phishing?
Because phishing can cost you a lot, from stolen money to large data breaches at your small business, proper security precautions are a must. We have created a short list of things to keep in mind to stay safe online.
1. Be Alert to the Sender and the URL in Your Emails
One of the most common phishing scams is to impersonate a big brand by sending an email that uses its name (and usually its color palette), says that there is something wrong with your account, and asks you to log in "to fix it." The email generally looks very similar to the original brand's emails. However, there is a sure way to tell whether you are dealing with a real email from the authentic brand.
Verify the email address: Scammers cannot create email addresses with the real domain name of the company, so instead of help@bigbrandname.com it will usually look like bigbrandname@somethingelse.com. Look carefully at the email address and not just the name that appears in your email client!
Check the URL before clicking: If you hover your mouse over the URL provided in the email, it will usually reveal the domain that it is pointing to, so you can see where this email leads. If it is not the official domain of the brand, do not click on it.
2. Avoid Downloading Email Attachments You Don't Want
Sometimes the email looks like a legitimate business email and does not pretend to be a large company but instead sends an attachment that contains some form of malware. The email is often structured as a commercial offer or an email sent by the recipient's company/bosses that contains files with confidential information.
If you don't know who the sender is, definitely don't open any attachments. If you know the sender, but don't expect anything from them, or if there is something fishy, it's best to skip it too. Call the sender and ask if they intended to send you something, as sometimes scammers hack into people's mailboxes and use them for phishing attacks by spamming their contacts.
The most common format for attachments is zip (.exe is generally not allowed). However, even Microsoft Office files can contain viruses, so keep an eye out for all kinds of attachments.
3. Always Check the Website You Landed on
If you click on a phishing link (usually received via email or instant messages), it will often take you to some kind of website. The purpose of the forms on these sites is usually to get your most confidential information: usernames and passwords.
Before filling in any information, check the website address in the browser's address bar.
Scammers can create a website that closely resembles the respective brand's design, but they cannot use its official domain or have the brand name in the domain (assuming the brand is trademarked). Therefore, these domains may often look like a brand name, but they will never be the original and will have additional symbols, letters, or words.
Usually, fraudulent domains look nonsensical, and sometimes the layout and flow look strange too, especially if it's a well-known brand that's often seen.
For example, when you log into Gmail, Google will never ask you to select your email provider or enter your email and password on the same screen. Therefore, the flow that you will often see on phishing sites is designed to look like the original, but it is not.
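The sender check from tip 1 and the domain check from tip 3 can be automated for a mail review script. The following is an added example, not part of the original guide: it assumes the brand's official domain is `bigbrandname.com` (the article's placeholder), and the sample message and the `account-fix.example` host are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: the brand's real domain, taken from the article's example address.
OFFICIAL_DOMAIN = "bigbrandname.com"

def is_official(host, official=OFFICIAL_DOMAIN):
    """True only for the official domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == official or host.endswith("." + official)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag: the target a mouse hover reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def review_email(raw, official=OFFICIAL_DOMAIN):
    """Return findings for sender and link domains that are not official."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not is_official(sender_domain, official):
        findings.append(f"sender domain {sender_domain!r} (shown as {display!r})")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if host and not is_official(host, official):
            findings.append(f"link points to {host!r}")
    return findings

# Constructed sample message, not a real phishing email.
SAMPLE = """From: "BigBrandName Support" <bigbrandname@somethingelse.com>
Subject: Problem with your account
Content-Type: text/html

<p>Please <a href="https://bigbrandname.com.account-fix.example/login">log in</a> to fix it,
or visit <a href="https://help.bigbrandname.com/">our help page</a>.</p>
"""

if __name__ == "__main__":
    for finding in review_email(SAMPLE):
        print("SUSPICIOUS:", finding)
```

The comparison is on the end of the host name, so a domain that merely starts with or contains the brand name is still flagged. The script only reads the From header and link targets; it does not evaluate SPF, DKIM or DMARC results.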
4. Ignore Requests for Money
Another type of email fraud that social engineers often use is creating a false identity and asking for money in some way. Usually, it is a “lottery won” or a person in trouble, asking for help and needing you to send them a small amount of money with the promise that you will get much more in return.
Sometimes these scams can take the form of a shakedown. A popular one was an email that circulated in recent years, stating that users had been recorded through their webcams watching adult content and asking for money. In reality, this scam was so scary that it made the news, as people were terrified. Understandable!
Either way, if you receive a request for money from strangers, it is generally a scam. Never give money or financial information no matter how the situation presents itself.
Remember that all scammers need is just an email address to cause serious harm! Careful use of the Internet is key to protecting your privacy and well-being on the web.
Stay safe, while you are working online, and always protect your data on the internet.
5. Use an Antivirus Product
A final, but most important, suggestion is to run advanced antivirus software in the background to give your computer real-time protection from phishing and email fraud. If you are able to afford it, consider cloud antivirus protection for your small business, so that you can focus your attention only on business and rest your security protection on the cloud all the time.