Phishing attacks use malicious emails or websites cleverly disguised as legitimate contacts and businesses to lure you into giving criminals access to your personal, financial, and business information. Attacks are on the rise, especially for SMBs. Think was even targeted earlier this year. With the stakes for your business (both for your finances and your reputation) getting higher every year, we’ve prepared some information and security tips to help you deal with the “phishy” stuff that could come up.
Phrases to watch out for
Phishing attempts have come a long way from “I’m a Nigerian prince”. Criminals are using the same language that a business associate, bank contact, or client would use to trick you and your employees into giving away valuable information and access. Language like:
“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
“We were unable to verify your account. Please click here to update and verify your information.”
“Hey, it’s (your boss’s name). I’m stuck in a meeting, could you pick up some gift cards for me?” (this one made the rounds in Durango via email and text message)
“This is Todd from IT, and I need you to send me your login information so we can do some maintenance on your computer” (sent from what looks like a legitimate company email)
What to do
Play hard to get – if anything doesn’t look or feel right, DO NOT click on any links in the email or reply to the email. Contact the company/financial institution/person directly. And DO NOT use any phone numbers given in the email; those are easily faked too.
Take a breath – criminals want you in a hurry and not thinking too hard about what you’re doing, so there is almost always some sense of urgency to a phishing attempt. Take your time and ensure that any information/access you’re giving is going to the right person for the right reasons.
Don’t get too personal – with so much information available online about our jobs and our lives, it can be all too easy for criminals to collect this information and try to use it to manipulate us. Try to avoid putting too many details out there, and remember that it’s not just the people who are close to you who can get access anymore.
Beware the link – hyperlinks in emails are a favorite way for criminals to trick you into downloading malicious software (it just takes one click) or entering your information on a website that only LOOKS legitimate. Don’t click anything you aren’t completely confident in, and even then think twice.
Double up – two-factor authentication is an effective and inexpensive security measure that could make all the difference for your company. With two-factor authentication, it’s much more difficult for a criminal to access sensitive information even with a login and password, because they’re still missing a key piece of the puzzle. (To learn more about two-factor authentication visit our blog post here.)
Think passphrase – the longer and more creative your password is, the more difficult it will be to hack or guess. Instead of trying to come up with bizarre spellings for common words, you could try a nonsense phrase, like: phishingemailsarejustawful! Phrases like this are easier to remember and to type.
Bring in security – you don’t have to do this on your own, and you shouldn’t try. There are some amazing anti-virus programs and email filters that will help you protect your company from multiple types of attacks. Your odds of protecting your business, your employees, your customers, and yourself go way up when you’re using the right tools for the job.