During the pandemic, phishing attacks rose 350%. Phishing is one of the most common and successful internet scams, generating $1 trillion more in revenue than Walmart for hackers.
One of the reasons why phishing is so successful is that it can be hard to detect. Here are some common signs that you may be the target of a phishing scheme as well as how you can protect yourself and your business.
[Read more: 4 Social Engineering Cyber-Security Scams to Be Aware of]
What is phishing?
Phishing is a scam in which a hacker tricks an individual into handing over information or exposing sensitive data. The hacker uses a link with hidden malware or a false email to convince the victim to reveal passwords, customer information and other personally identifiable information (PII).
What does phishing look like in practice? In 2018, the FTC sent out an alert regarding a phishing attack targeting Netflix customers. The phishing email looked like it was sent from Netflix and said the company was “having some trouble” accessing the user’s billing information. A link in the email asked users to verify their payment method; however, the link instead took customers to a false website where scammers were able to steal credit card data.
Recently, phishing emails have targeted businesses using some of these pandemic-related tactics:
- Creating false “portals” for business owners to apply for government assistance and stimulus funds related to COVID-19 relief.
- Using false download links for platforms and remote work communication tools like Zoom or Slack.
- Posing as “critical update” downloads for enterprise collaboration solutions like Microsoft OneDrive.
- Pretending to be IT service providers that ask for payment to provide tech support.
[Read more: 8 Best Practices for Keeping Customer Data Secure]
It’s also important to keep your software up to date so that it can protect your system from malware. This applies not only to your computer, but also to your mobile device.
How to protect yourself from phishing
One of the reasons why phishing is so effective is that it can be hard to recognize; scams are constantly evolving. Phishing attacks also target individuals, rather than IT vulnerabilities. Employees and business owners are only human, and it’s easy to fall for a sophisticated phishing scheme.
The best chance businesses have to prevent phishing is through education. Teach your teams what to look for and how to recognize a potential phishing attempt. Here are some examples from the FTC of what a phishing attempt may say:
- They’ve noticed some suspicious activity or log-in attempts.
- There’s a problem with your account or your payment information.
- You must confirm some personal information.
- They ask you to pay this invoice (which is fake).
- Click on a link to make a payment.
- You’re eligible to register for a government refund.
- They give you a coupon for free stuff.
Many phishing attempts include poor spelling and grammar and come from an email address that doesn’t match the user. If an offer seems too good to be true, it is a good sign you’re being scammed.
What technology can you use to prevent phishing?
2FA or multi-factor authentication can help phishing attacks from successfully accessing user data. If a username or password is compromised, 2FA prevents a hacker from entering your accounts and stealing your valuable data.
In addition, spam filters can lower the likelihood that phishing attempts ever make it to your inbox. “Spam filters with sandboxing and DNS filtering are also essential security layers because they keep malicious emails from entering the network, and protect the user if they fall for the phishing attempt and end up clicking on a malicious hyperlink,” one security expert told ZDNet.
It’s also important to keep your software up to date so that it can protect your system from malware. This applies not only to your computer, but also to your mobile device. Phishing attacks can come in the form of text messages and free (false) app download requests.
If you think you may be the victim of a phishing attack, the FTC recommends that you visit IdentityTheft.gov. The website offers specific steps to take based on the information that you may have lost. You may also report the phishing attack to the FTC at ReportFraud.ftc.gov.
CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.
Follow us on Instagram for more expert tips & business owners’ stories.
CO—is committed to helping you start, run and grow your small business. Learn more about the benefits of small business membership in the U.S. Chamber of Commerce, here.