In this 5-minute read:
- Phishing attacks are becoming more sophisticated
- Educate yourself, family, and employees about phishing attacks and other online fraud
- Never provide sensitive information to anyone without double checking
- Never download files or click on links from unknown/untrusted sources
- Never send payment without confirming the legitimacy of the request
Phishing attacks and other online fraud are a growing problem for small businesses. As more people transact, recreate, socialize, and work online, there is more opportunity for bad actors to entice people into seemingly innocent actions that can have devastating financial consequences to your business.
In this article we’ll go over some of the common cyberattacks that you and your employees might expect to see, and what you can do to prevent the damage they can cause.
What is phishing?
A phishing (sometimes called “spear phishing”) attack is when a cybercriminal sends you a fake email, SMS/text, phone message, or other communication attempting to get you to divulge sensitive personal or business information, or to send payment to a fraudulent recipient.
Often, these attacks will appear to be sent by a boss or coworker, requesting urgent action on a key project or payment on an “overdue bill,” and will ask you to click on a link or download a file that installs malware onto your system, which then the hackers can exploit for criminal purposes.
These phishing attacks are becoming quite sophisticated, and can even include fake job postings on popular employment sites to lure employees to download malware-laden job application programs, or “tech support fraud” where criminals masquerade as technical support or internet security personnel in an attempt to gain access.
What can I do about phishing attacks and other online fraud?
The best defense against phishing and online fraud, in addition to software with good security features that automatically block fraudulent messages when possible, is education. Take the time to educate yourself and your employees about the types of fraudulent cyberattacks that they may see, and what to do when they get one. Read below to learn more, and set up a training schedule to keep your employees and family members informed.
The most common type of phishing attack will attempt to get you or an employee to download a file, click a link, or input passwords or other personal information. You should NEVER click on a file or an imbedded link from an unknown source, or one you aren’t expecting, before confirming the legitimacy of the file/link via another way. Call or email the sender directly and ask them whether they sent you a file recently. When in doubt, delete it. Don’t click on emails from unknown senders, and definitely don’t click on file downloads. It just takes one to install a virus that can let future fraudsters full access to your system.
Never punish or shame an employee for asking too often whether a link or request is legitimate before taking sensitive action. Keep the lines of communication open and review your phishing protocols regularly so all employees keep on their toes. It just takes one mistake to open up the back door to sensitive company files, personal information, and more.
Even the most famous and profitable businesses in the world have suffered the impacts of this type of cyberattack, so don’t think your small business is immune.
Spoof websites can fool you or your employees into providing security credentials
It used to be that if a website had an “https” prefix, you could count on it being legitimate. But spoofers and scammers have become very creative and people are fooled every day into inputting their secure login information on a fraudulent website that looks nearly identical to their bank’s, their amazon or eBay account, or even their own website.
Sometimes you can detect the fraudulent website by looking closely at the URL. Often the suffix will be subtly different, or there may be a letter or two missing from the main company name in the address. Sometimes you can find typos or other clues on the main landing page that can let you know the site may not be legitimate.
When in doubt, type the correct, known address into your browser and look for any messages from the company that can inform you about the procedure or payment you suspect may be fraudulent. No legitimate company will ever ask for your login or password via an email or text message, and even on a phone call they will usually not ask you to provide these details but will direct you to the correct site where you can input the information yourself.
Ransomware is on the rise, and can impact even small businesses
Ransomware is what it sounds like: fraudsters entice you or employees into installing malware via a link, or providing login information, and then they hack into your system and hold sensitive files, financial information, company databases, intellectual property, or other valuable information for ransom until you pay them a lot of money, or else they corrupt, delete, or otherwise destroy the files and information. Some companies have determined that it’s actually cheaper to simply pay the fraudsters than to repair the damage they may cause.
Email or messaging scams can fool you or employees into sending payment
Another tricky method scammers are trying lately is impersonating a boss, partner, key employee, or other business owner in an email, text, or internal company message, and ask for a money transfer or other type of payment. These are often urgent, nebulous requests, and prey on the fear of some employees of asking too many questions to the boss or seeming not to know what’s happening. A boss with a history of brusqueness can exacerbate this problem.
Womply spoke to one accountant working for a group of entrepreneurial businesses who got an email from an important business owner asking for an immediate wire transfer of $120,000. The accountant went back and forth with him all day via email, judged that the request seemed legitimate, and was preparing to send the wire transfer.
Due to the accountant’s personal system of checks and balances, he called the business owner to confirm a couple of things and request certain documentation, only to find that the business owner in question had no knowledge of the transfer in question. Upon careful examination, the email address the original request for transfer had come from was one letter different from the actual business owner’s email address. Luckily the fraud was detected and reported before the payment was sent.
This is just one example of how innovative criminals can fool good people into providing money or sensitive information. Be vigilant! Double check everything.
Improve your business’s chances for success and growth by improving your online visibility
Along with training your family and employees about phishing and other online attacks, you also need to make sure your online presence is solid so that people can actually find you and start spending money with you.
Even small, local shops need a good online footprint today because almost everyone checks reviews and business details online before visiting, even if they get a personal recommendation from a friend or see your marketing materials.
Some ways to help you show up in local searches are getting regular online reviews to your Google, Yelp, and Facebook listings and also creating new online business listing profiles across other web directories.
Womply Reputation Management can help you improve your online presence. Our software will help you manage all your online reviews from one place. You can also respond to your customer reviews from your Womply dashboard.
Womply also offers business intelligence, customer relationship management, email marketing, payments, and a dynamic customer directory that updates automatically with each transaction.