Did your business receive a suspicious email? Let’s look at how to spot phishing, report it and prevent your business from becoming a victim of cyber fraud.
According to the Federal Trade Commission (FTC), phishing is a cyberattack in which criminals trick victims into handing over confidential or personal information that they can use to access accounts, steal money or make fraudulent purchases.
Criminals target both small and large businesses because once they pinpoint a company's communications configurations, such as emails and phone numbers, they can fire off their messages to everyone in the company.
The FBI estimates that phishing leads to losses of around $57 billion every year. Some attacks could result in small business owners closing down or spending years trying to dig out of a deep financial hole.
Alarmingly, according to Nationwide’s Agent Authority survey, about one-third of small business owners said they are not confident they could recover if their business was attacked. What’s more, 38% of small business owners surveyed did not feel knowledgeable about phishing.
How does phishing work?
The term “phishing” came from hackers who were stealing passwords from America Online customers. They would “fish” for victims and “lure” them in with emails that tricked readers into giving up their information.
These days, criminals will send phishing emails or text messages to convince employees to respond with information such as passwords, account numbers or Social Security numbers to solve a phony problem. Many phishing emails will also exploit urgency and fear to either establish rapport or have employees respond quickly and bypass procedures.
As an example, the phishing email might state that due to a digital malfunction, information has been lost and needs to be resent immediately. Or the email could claim that an invoice is overdue and payment is needed right away; otherwise, the account will be shut down or a shipment delayed.
Criminals even go so far as to use the logos and fonts of reputable sources, including (but not limited to):
- Banks
- Companies
- Subscription services
- Government organizations
Are there different types of phishing attacks?
Yes, scammers have adapted their methods so they can target possible victims in many ways, including:
- Phishing: Attacks sent by email to entire lists/organizations
- Spear phishing: Email attacks sent to a specific person/organization
- Smishing: Attacks sent via text messages
- Whaling: Attacks targeting senior executives
- Angler phishing: Attacks via social media
How to prevent phishing
Most email and spam filters catch phishing attacks before they reach their targets. However, criminals always try to stay one step ahead and sometimes find ways to get past any safeguards that might be in place.
Signs of a phishing message include:
- Generic greetings such as “Hello Sir/Ma’am” instead of a name
- Misspellings
- Requests for personal/login info and other credentials
- “Stories” that don’t make sense
- Links that take you to websites or forms outside of the mentioned company
- Signs that things might not be right (always trust your instincts)
How to report phishing emails
If you or someone on your team sees any of the signs mentioned above, there are steps you can take to combat the scammers and prevent other people from falling prey. And remember, don’t respond to or click on any links out of curiosity. Just clicking a link can put information or the network in danger. Always trust your gut.
If you don’t have a cybersecurity team in place:
How can you learn more?
Phishers always try to outsmart victims. But taking the above steps and staying alert can help ensure you don’t fall prey to one of their scams.
To learn more and find other helpful business resources, check out our Nationwide Business Solutions Center.