What is phishing, and how can you protect your company from it?
As individuals, many of us are familiar with receiving dubious emails, seemingly trying to trick us into handing over personal data, like addresses and bank account details. These emails are a form of “phishing”, and about 135 million phishing attacks are attempted daily, ZDNet suggests.
However, you might not have realized how adversely scam emails, ransomware, and the like can affect businesses. The numbers are huge: in 2018, the FBI suggested that US firms could be losing about $5bn annually to scams. A few years on, that number could be a lot higher, as hackers have not taken a break since the pandemic!
Fighting cybercrime is challenging, and as hackers find new ways to steal your data, businesses must focus on preventive measures. Fortunately, there are various tried-and-trusted ways you can use to prevent the obvious attacks on your staff and company systems.
Watch Out For Fake Senders
Someone could attempt a phishing attack on your business by posing as someone from within it – such as a manager or colleague – or as one of the organization’s suppliers, and asking you to download an attachment that, according to the sender, contains details about a contract or deal.
Some cybercriminals will even pretend to be the target company’s CEO and ask the email recipient to purchase gift cards for distributing rewards, with the gift card codes demanded immediately.
Poor Spelling and Grammar Is A Clue
If any major organization is trying to get in touch with you, they are unlikely to leave instances of sloppy spelling or grammar in their copy, especially on a repeated basis. However, many phishing operators still make rudimentary errors in their writing.
Such errors can often slip in due to attackers using a service like Google Translate to translate what they have written from their own native language. As services like this tend to translate in a very technical way, they don’t always faithfully capture nuances particular to the other language.
Verify Links in Emails
Often, a phishing email will ask the victim to click a link – which, though probably innocuous-looking at first glance, can actually lead to a malicious website. However official the URL might look, you should look again carefully – especially if it is a shortened URL that will bring up a longer address.
Within an email, you can assess an included link’s authenticity by hovering your cursor over it. If the address you then see previewed looks fake, resist clicking on it. You should also check the sender’s address, which can often be hard for a phishing attacker to pass off as a trustworthy point of origin.
Keep Your Corporate Software Up To Date
Ensure all users with access to business systems from the Internet update their devices, apps and software regularly.
While you should certainly train your staff to watch out for dead giveaways, you can’t expect every single employee to always reliably detect signs of a phishing attempt. That’s why you should make sure the software your workers use is routinely patched, leaving fewer vulnerabilities for attackers to exploit.
The fight against cyberattacks has been going on for years. Back in 2018, Syed Balkhi of OptinMonster told The Next Web that Google Chrome “can notify you if a website is suspicious, tell you why and ask you if you really want to click on the link”.
There are free and paid options to stay safe online. For example, there’s Wandera’s advanced Zero Trust cloud security software, which has a proven, industry-leading 98% efficacy in recognizing and proactively blocking mobile phishing attempts. And you can get antivirus software like AVG.
For more tips on staying safe online, this article covers eight ways to protect your assets, including MFA and how to keep your passwords safe.
You can never be too vigilant when it comes to preventing a cyberattack. While the hackers are a step ahead, simple actions taken regularly can prevent you and your staff from being easy targets.