Saving Your Business from Phishing in 2021
If you’re a business owner, then you’re a bigger target for scammers than the average Joe.
This is why you need to know about the full extent of these attacks…
And how to protect yourself from them!
Phishing attacks are one of the most common security challenges that both individuals and companies face in keeping their information secure.
Whether it is getting access to passwords, credit cards or other sensitive information, scammers will use emails, social media, phone calls and any other form of communication they can to steal their victim’s valuable data.
Businesses prove to be a worthwhile target for scammers, as it is easier to find specific information on a business through a few searches online.
This means that scammers are able to launch personalized attacks on their victims that may seem more genuine than your average phishing scam.
In order to help you understand how to avoid phishing attacks on your business, we have listed out the most common ways that a business may be subject to these attacks and how to best prevent them.
Two of the main mistakes that leave businesses vulnerable to phishing attacks are not having the required tools in place and failing to train their employees on their role in information security.
Employees possess credentials and access to confidential data and information that is vital to the success of a breach in a business’ security. Intruders are able to obtain this sensitive information via a phishing attack. Scammers would then use this sensitive information to gain access to otherwise protected data and networks.
A scammer’s success is reliant on establishing trust with their victims. Since almost everything we do is through digital means, it has become much easier for scammers to gather sensitive information and utilize this information to launch phishing attacks that are easier to believe.
A majority of businesses utilize Slack (a messaging app for businesses that allows effective communication and collaboration between its employees) within their relevant teams and units. Phishing scams on this platform are becoming increasingly common, with scammers launching their attacks through direct messages or even appearing as a Slackbot reminder.
Phishing attacks of this nature were widespread across a number of blockchain and cryptocurrency companies. In 2017 alone, scammers were reported to have made close to $225 million off these scams, with half of this being stolen through phishing attacks on Slack alone, affecting more than 30,000 victims.
In the same way, in 2020 it was reported that up to 50,000 Office 365 users were targeted by a phishing campaign that gave users a notification of a ‘missed chat’ from Microsoft Teams. Victims received an initial phishing email with a subject that displayed ‘There’s new activity in Teams’, which made it seem like the usual automated notification sent by Microsoft Teams.
To access this activity, scammers included a ‘Reply in Teams’ button within this phishing email, which redirected victims to a phishing login page for Teams.
Unsuspecting victims who entered their Teams login details were hacked by these scammers, leading to a compromised account and a breach in their company’s security, as the victim’s Teams login credentials were the same as their official work credentials.
Further, these are various other phishing techniques that are commonly used by attackers:
Here are a few steps a business can take to protect itself against phishing:
Most employees would usually use their personal devices to check their work email or even access a work website or attachment. These devices are also used to access their personal emails and social media channels. However, this leaves room for a phishing attack, compromising a victim’s personal and official data on their devices.
It is advisable for businesses to institute a policy that prevents certain sites from being accessed through personal devices, which would then greatly reduce a business’ chance of having their security compromised.
Phishing is one of the key components of social engineering. These phishing emails are crafted to mirror correspondence from a trustworthy or reputable source (the government, legal, HR, bank, etc.) and often trick victims into clicking on a malicious link embedded within the email body.
More sophisticated phishing emails may even execute hidden code if the email is simply opened on the victim’s computer.
This emphasizes the importance of employees understanding the risks of opening email attachments or even clicking on links received from unknown sources, as these can lead to malware or virus infection.
It is vital to ensure that all employees are educated on phishing attacks and how to avoid them. Training on security awareness should be a mandatory component of employee orientation.
Some of the main things that employees should realize are that credible websites would never ask for their passwords over an email, and that they should not open attachments from people that they do not know.
Further, URLs that don’t utilize https are fraudulent, as are sites whose address instead begins with an IP address. Scammers will try their luck on all digital platforms, so it is important that all employees understand how they could avoid being a target of these attacks, while protecting their personal and official information and data.
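The two URL indicators named above can be checked automatically on the links inside an incoming email. The following is an added example, not code from the original article; the function names, flag labels and sample email body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collects href values from <a> tags in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href.strip())


def check_link(url):
    """Return which of the article's two indicators apply to one URL."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return []  # mailto:, tel: etc. are outside these two checks
    flags = ["not-https"] if parts.scheme.lower() == "http" else []
    try:
        ip_address(parts.hostname or "")  # raises ValueError for domain names
        flags.append("ip-address-host")
    except ValueError:
        pass
    return flags


def scan_email_html(body):
    """Map each flagged link in the body to its list of indicators."""
    collector = LinkCollector()
    collector.feed(body)
    return {u: f for u in collector.links if (f := check_link(u))}


# Constructed sample body (hypothetical hosts; IPs from documentation ranges).
SAMPLE = """<p>There's new activity in Teams</p>
<a href="http://192.0.2.10/login">Reply in Teams</a>
<a href="https://[2001:db8::1]/signin">Open</a>
<a href="https://portal.example.com/">Company portal</a>
<a href="http://intranet.example.com/">Intranet</a>"""

if __name__ == "__main__":
    for url, flags in scan_email_html(SAMPLE).items():
        print(url, flags)
```

A link that passes both checks is not thereby trustworthy: https only shows that the connection is encrypted, so these flags are a first filter for a mail gateway or a training exercise rather than a verdict.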
No matter how many articles or news updates an employee may see on a regular basis, when faced with a phishing attack, they may not know what separates the phishing attack from genuine communication.
In order to improve awareness of phishing attacks, businesses should regularly test employees with fake phishing emails. This technique enables employees to distinguish genuine correspondence from a phishing attack.
There are also multiple steps that a business can take to protect itself and its employees against phishing. Businesses are advised to keep track of current phishing strategies (for tips on how to identify and avoid phishing attacks through email, websites and social media, you can check out these blogs on Telepathz).
It is also vital to regularly update current security policies in place within your business in order to eliminate threats. Educating and training employees to understand the various types of attacks they may face as well as how to address them is important going forward. Informed employees and properly secured systems are key to protecting your business from phishing attacks.