What to do when cyber thieves go phishing into your business
Cybercrime is a real threat, and not just to individuals. Businesses of all sizes can fall victim to cybercriminals intent on stealing everything from customers’ personally identifiable information to intellectual property. One method used to gain access to sensitive data on a computer or an entire network is called a phishing scheme.
The best protection is learning more about phishing schemes, how they work, and how to avoid them.
What is a phishing scheme?
A phishing scheme is a type of online scam that often comes in the form of an email. It usually seems to be from a legitimate source, such as a company or financial institution. Most ask you to provide sensitive information or click on a link that allows someone to access your computer or network.
The term is a play on words that comes from the practice of using a lure or bait to catch a fish.
Most cyberthieves are after data or private information about you, your employees, or customers/clients. This information might include Social Security numbers, credit card or bank account numbers, birthdates, passwords, usernames, or other personal information.
In other cases, the goal may be to steal corporate information, intellectual property, or simply to gain access to information that could damage your company’s reputation.
Examples of common phishing schemes
1. Company or brand impersonation
One of the most common methods is an email that looks as though it is from a legitimate company. Scammers will even spoof an authentic-looking email address and URL, and copy company logos or other signatures into the body of the email.
The scammers want you to either respond with personal, financial, or password/login information, or click a link that will take you to a fake company landing page or website.
These emails commonly:
- Claim that suspicious activity or login attempts were noticed on an account
- Claim there is a problem with account or payment information
- Ask you to confirm some personal information
- Include a fake invoice or other attachments
- Include a link that asks you to submit a payment
- Say you are eligible to register for a refund or a government refund/program
Stop the scam: Understand that a company will never contact you to ask for this type of information. Instruct your employees to never click on a link in an email from an unknown sender or respond to it. If anyone is unsure, they should call the company directly and verify the authenticity of the message.
2. Scare tactics
These emails often seem like they are from a government or some other official entity, such as the IRS or a regulatory agency. These emails often threaten legal action, issuing a subpoena, or cutting off access to services unless the user clicks a link and enters specific information.
Stop the scam: Any email that purports to be from a government agency is a fake. No such entity will ever issue a subpoena via email, nor will they ask for sensitive information about you, your company, or your customers/clients. Never click on any links or respond to such emails. As with scam #1, if you want to verify the authenticity of an email, call the agency directly to confirm.
3. Business email compromise (BEC)
This type of fraud is similar to a company impersonation email. The difference is that it appears to come from a senior staff member or co-worker. The scammer impersonates this person to trick employees into clicking a link or making an unauthorized wire transfer or payment. Scammers will spoof company email addresses and craft a message that looks plausible.
You may also receive a fraud email from someone in your address book, so be on alert for those, too.
Stop the scam: If you receive an email that asks for information or an unexpected payment, always confirm the request by phone. Be sure to inform your employees and then update access restrictions. Update and patch your email security software and passwords as well.
Other clues to identify phishing emails
There are other signs that an email is a fraud or scam. It is essential that you provide adequate employee education and training so they can identify phishing scams, too.
- The email is not addressed to a recipient’s name
- There is a vague identifier such as “Dear Customer”
- There hasn’t been an attempt to log in to an account
- Obvious grammatical or spelling errors or unusual phrasing
- The email asks for the person to confirm or verify information by clicking on a link
- The email address doesn’t make sense
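Several of the clues above can be checked mechanically before a message reaches an inbox. The following is an added illustration, not part of the original post; the sample message, its addresses and the function name `phishing_clues` are constructed for the example, and the checks are simple heuristics rather than a complete filter.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

GENERIC_GREETING = re.compile(r"\bdear (customer|user|client|member)\b", re.I)
VERIFY_WORDS = re.compile(r"\b(confirm|verify)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def domain_of(address):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def phishing_clues(raw_email):
    """Return a list of human-readable warning signs found in one message."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # single-part message: payload is a string
    clues = []
    if GENERIC_GREETING.search(body):
        clues.append("generic greeting")
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        clues.append("Reply-To domain differs from From domain")
    links = LINK.findall(body)
    if links and VERIFY_WORDS.search(body):
        clues.append("asks to confirm or verify via a link")
    for href, text in links:
        host = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_IN_TEXT.search(text)
        if shown:
            name = shown.group(1).lower()
            # Visible text names one site, the link goes to another.
            if host != name and not host.endswith("." + name):
                clues.append("link text shows %s but points to %s" % (name, host))
    return clues

# Constructed sample message (not a real email).
SAMPLE = """From: "Example Bank Support" <support@examplebank.example>
Reply-To: billing@mail-examplebank.example
Subject: Problem with your account
Content-Type: text/html

<p>Dear Customer,</p>
<p>We noticed suspicious activity. Please confirm your details at
<a href="http://login.examplebank.example.invalid/verify">www.examplebank.example</a>.</p>
"""

if __name__ == "__main__":
    for clue in phishing_clues(SAMPLE):
        print("-", clue)
```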
To protect computers or systems, instruct your employees to never respond to or click on any links in these emails.
One safe way they can correspond is to copy/paste the email or web address that is already saved in an address book.
Or they can do an internet search to find the legitimate web address and then log in to an account from there.
It’s also important to install and update web tools that will identify malicious sites. Every standard web browser comes with these tools, or you can buy software designed to catch the phishers.
Cyber insurance can save your business
Besides providing education so your employees are aware of the dangers related to phishing scams and how to identify them, you may also need to purchase cybersecurity insurance.
Cyber liability insurance is designed to cover losses and damages related to data breaches. It covers hacking and viruses that can invade a computer, network, or specific files. Any business that stores customer, client, patient, or employee information should carry commercial cyber protection.
It will cover expenses related to recovery from a breach, costs related to lawsuits, fines or other legal action, or negligence claims.
Avante Insurance can help you secure cyber insurance to protect your company. We can also take care of a wide range of commercial insurance needs, including:
- Commercial property
- General liability
- Commercial auto
- Workers’ compensation
- Professional liability
- Employment practices
- Commercial umbrella
Contact us to talk about your commercial insurance needs and request a quote. We will ensure you have the right coverage to protect the business you’ve worked so hard to grow.