Today, 90% of all data breaches are the result of a phishing attack. A recent study by Google revealed that phishing attacks are the main cause of compromised online accounts. The study was conducted over a one-year period from March 2016 to March 2017. During this time, 1.9 billion user accounts were exposed due to phishing and data breaches.
What is phishing?
Phishing is a fraudulent act in which a scammer steals private and sensitive information such as credit card numbers, account usernames, and passwords. The criminal uses a complex set of social engineering and computer programming strategies to lure email recipients and Web visitors into believing that a spoofed website is legitimate. The phishing victim later realizes that their personal identity and other confidential data was stolen.
How does the scammer succeed?
Phishing succeeds when a cybercriminal uses fraudulent emails or texts, and counterfeit websites to get you to share your personal or business information like your login passwords, Social Security Number or account numbers. They do this to rob you of your identity and steal your money.
Phishing emails are typically crafted to deliver a sense of urgency and importance. The message within these emails often appears to be from the government, a bank or a major corporation and can include realistic-looking logos and branding.
The scammer will typically insist that you click on a link in an email or reply with confidential information to verify an account. They may also attempt to install ransomware on your computer that will lock you out of your files until you pay a fee.
Why do people follow their instructions?
Scammers present themselves as trusted individuals by pretending to be an authority figure in your business, the government, or even friends or family members. They may try to trick you into believing they’re from the IRS and urge that your bank account will be frozen unless you provide confidential information.
How do you protect your business from phishing?
The best way to defend your business is to train your employees to recognize phishing emails so that they don’t click on them. You should do this with ongoing Security Awareness Training conducted by a professional IT Managed Services Provider (MSP).
Ensure that all new employees receive this training as a part of their orientation and that everyone receives further training twice a year, so they’re informed about the latest phishing threats
So you plan to schedule Security Awareness Training for your employees – but what can you do in the meantime?
Be sure that your employees scrutinize all emails and text messages by doing the following:
What else can you do to protect your confidential business information?
Always back up your files to an external hard drive or cloud storage. It’s best to use a comprehensive solution with remote, offsite backup and data recovery services to ensure your business information is safe no matter what. Your MSP can provide this for you.
Also be sure to keep your security solutions up to date. Ask your IT MSP about Email and Spam Protection, which offers:
How do you report phishing scams?
Be sure to tell your employees to let you know if they receive any phishing emails. Then forward the email with the full email header to firstname.lastname@example.org. You can also file a complaint with the Federal Trade Commission (FTC).
Plus, be sure to check for the most recent scam alerts at The Federal Trade Commission’s SCAM ALERT page at https://www.consumer.ftc.gov/scam-alerts