The internet has brought countless benefits to the business community. However, it has also brought numerous cybersecurity threats. One of the most concerning threats costing businesses money every day is the phishing scam. An FBI investigation in 2016 found that businesses lose an estimated $500 million a year to phishing, and that number is dramatically increasing each year. Here’s what decision makers in business need to know about phishing scams and how to prevent them.
What are the Risks: What Kind of Damage can Phishing Scams Cause?
Phishing scams can affect anyone, from businesses to government entities. Falling prey to these scams can cost enormous amounts of money. The potential losses are staggering. Consider the city of Fort Worth, Texas, which has lost around $700,000 to phishing.
The scam was perpetrated by sending a sham email to the city posing as a construction firm that was contracted for government work. The email asked the official to change the bank account for electronic deposits from Plains Capital Bank to another account from Chase Bank.
The email was convincing enough for the recipient to acquiesce to the request, which resulted in the theft of hundreds of thousands of dollars.
How do Phishing Scams Work?
As a form of cybercrime and a perennial favorite in the hacker’s arsenal, phishing scams work based on the principle of social engineering. What makes them unique is that they don’t require the criminal to hack the system directly. Instead, they use psychology to convince victims to do the work for them.
Phishing has become startlingly familiar and accounts for roughly 50% of all fraud attacks. These scams work by communicating with targets from what appears to be a familiar or reliable source. Often, the assailant will create a spoofed email address that is only a few letters off from a legitimate address the victim already knows.
Another form of phishing involves the distribution of phony websites. Like the email addresses, these websites have URLs that are remarkably similar to those of popular legitimate websites. It’s far too easy to fall for one of these spoof sites and click on it thinking it’s the real thing. Once on a phishing site, the basic idea is usually to capture the credit card information of the victim when they enter it to place an order.
Identifying Phishing Scams
The key to preventing phishing scams is to know how to identify them. These scams can’t do any damage if employees recognize them in the first place. Savvy managers take note of this and implement training programs that teach employees how to spot these scams before they cause harm.
Identifying phishing scams starts with knowing what to look for.
Always double check the URL of any website and make sure it matches the official site. As mentioned previously, phishing can take many forms, including carefully crafted emails and mock sites.
Verify email addresses before responding. Oftentimes, a phishing attempt will come from a spoofed email address that is nearly identical to one you’re already familiar with.
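The URL and sender-address checks described above can be automated at the mail gateway or help desk. The following is an added example, not part of the original article: it flags domains that are a few letters off from a trusted one. The allowlist, the sample inputs and the function names are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allowlist: replace with the domains your organisation really uses.
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(value: str) -> str:
    """Return the lowercased host of a URL or the domain of an email address."""
    if "://" in value:
        host = urlsplit(value.strip()).hostname or ""
    else:
        host = parseaddr(value)[1].rsplit("@", 1)[-1]
    return host.lower().rstrip(".")


def classify(value: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2):
    """Return (verdict, trusted_domain); verdict is trusted, lookalike or unknown."""
    domain = domain_of(value)
    for good in sorted(trusted):
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    for good in sorted(trusted):
        # A few letters off, or the trusted name used as a prefix of another domain.
        if edit_distance(domain, good) <= max_distance or domain.startswith(good + "."):
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed samples, not taken from any real incident.
    for sample in ["Pat <billing@example.com>", "billing@examp1e.com",
                   "https://examplebank.com.account-verify.net/login",
                   "news@unrelated.org"]:
        print(sample, "->", classify(sample))
```

A "lookalike" verdict is a reason to confirm the request through a known phone number or contact before acting on it; short trusted domains may need a smaller max_distance to avoid false alarms.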
Phishing scams will often attempt to play on the emotions of the recipient to gain a quick response. The sender may impersonate a high-level employee within the recipient’s organization and request a quick turnaround or threaten punishment if the request isn’t completed; oftentimes the recipient will jump to meet the request.
Request for Sensitive Information
One of the hallmarks of a phishing scam is that it will ask for sensitive information. The information can be anything from social security numbers to bank accounts or other personal information that can be used to obtain more valuable assets.
Grammar & Punctuation Errors
Another critical identifier in these scams is noticeably poor grammar and a large number of errors. Professional marketing emails or other corporate emails are usually edited to remove errors beforehand and are less likely to have grammar mistakes.
Other Key Identifiers
Other common characteristics of phishing schemes are emails that say they’re from government organizations, ask for money to cover expenses, or sound too good to be true.
Many phishing scams will promise things that sound like a dream come true, such as fabulous riches for the simple task of transferring a smaller amount to cover a transaction.
These tactics are how almost all scams are crafted, and employees need to be trained to either not respond to them, or report them as spam. Better yet, these emails should never be opened in the first place in case they contain harmful viruses.
Training staff on how to evaluate subject lines is a critical preventative strategy. Anti-virus software can help warn users when opening suspicious websites. Another advantage of anti-virus software is that it can combat embedded viruses triggered by opening emails. However, it can’t stop a person from replying to an email and leaking information, which is why training is so necessary.
Stop Phishing Scams in Their Tracks with ImageNet’s Managed IT
ImageNet partners with businesses every day to protect their data and take a proactive stance against phishing scams. Our managed IT services feature powerful cybersecurity tools that can stop hackers in their tracks. Experience the ImageNet Consulting difference and the peace of mind that comes with it.
Set up a call with one of our Managed IT specialists today and see what we can do to protect your business from phishing scams with managed IT services.