Chances are you’ve heard the term “phishing” at some point. Even if you aren’t too familiar with it, everyone needs to understand it at some level, especially business owners.
What is phishing?
As Phishing.org defines it, phishing is “a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details, and passwords.”
In short, phishing is the practice of using electronic messages to propagate scams. Because these scams often attempt to breach the victim’s cybersecurity, they can potentially threaten a business’s security.
What are some common types of phishing attacks?
According to the Federal Trade Commission (FTC), some of the most common phishing emails are fraudulent emails from a service asking you to confirm account information or make a payment.
These can involve the following:
- Saying they’ve noticed suspicious login activity on your account.
- Saying you need to confirm some information.
- Sending a link with malware.
- Sending fraudulent invoices.
- Offering fraudulent coupons.
In general, phishing emails pose as a commonly used service, such as Google, Amazon, Microsoft, or Netflix. They may also pose as governmental institutions, such as the Internal Revenue Service (IRS).
If scammers can get their victims to believe what they are claiming, the victims may send private information straight to them, giving the scammers access to whatever they want. Often, login information can lead them to other information, and even if it doesn’t, it may allow them to impersonate their victims for other scams.
How can a business prevent phishing attacks?
Possibly one of the most underappreciated protections from phishing is the spam filter. Most phishing emails are sent to a large group of recipients from sketchy addresses, so a spam filter may bounce them or put them in a secondary inbox.
As a business owner, using an email service with a good spam filter is the easiest preventative measure against phishing. (Nobody will be fooled by emails they never see!)
For the phishing emails that slip through the spam filters, the only way to prevent them is to be able to recognize them. Luckily, there are some reliable ways to recognize these emails.
As you may have guessed, most scammers haven’t hacked into the IRS, Google, or whatever they are pretending to represent. That means their email address will rarely match the company’s domain. Instead, it will use some variation on the company’s domain, either a typo (e.g., microsofft) or, more convincingly, a variation like “microsofttechsupport.”
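The domain check described above can be automated for mail that gets past the spam filter. The following is an added example, not part of the original article: the function name, the result labels, and the allowlist of trusted domains are assumptions chosen for illustration, and it inspects only the address in the From header.

```python
from email.utils import parseaddr

# Assumed allowlist: domains this business really expects mail from.
TRUSTED = {"microsoft.com", "google.com", "amazon.com", "netflix.com", "irs.gov"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'brand-embedded', 'typo-lookalike' or 'unknown'."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unknown"
    # Exact match, or a real subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    labels = domain.split(".")
    for t in sorted(trusted):
        brand = t.split(".")[0]
        # Short brands ("irs") match too many ordinary words; skip fuzzy checks.
        if len(brand) < 5:
            continue
        for label in labels:
            if brand in label:
                return "brand-embedded"   # e.g. microsofttechsupport.com
            if edit_distance(label, brand) <= 1:
                return "typo-lookalike"   # e.g. microsofft.com
    return "unknown"

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for h in ['"Microsoft Support" <help@microsofft.com>',
              "billing@microsofttechsupport.com",
              "Microsoft <no-reply@microsoft.com>"]:
        print(h, "->", classify_sender(h))
```

A result of "unknown" only means the domain does not resemble a trusted one; it says nothing about whether the message is safe.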
Other signs of a phishing email are generic greetings (not addressing the recipient by name), instilling a sense of urgency to respond, or including a link to sign into your preexisting account. Actual companies are less likely to try to rush their customers with emails about account settings or financial information and don’t add links to sign in unless it is a confirmation email immediately after an account is created.
Protecting your business from phishing attacks is relatively easy but requires planning and consistent vigilance. Phishing should never become a significant issue if you use an email service with a good spam filter and your employees watch for a few tell-tale signs of fraudulence.