Phishing is a problematic issue plaguing companies of all shapes and sizes. Unfortunately, cybercriminals are increasingly targeting small- to medium-sized businesses (SMBs) with their phishing attacks. These bad actors are using devious techniques, including social engineering and spear phishing, to victimize businesses. The numbers show 74% of organizations located in the U.S. experienced a successful phishing attack, and 35% have experienced spear phishing. Furthermore, 65% of active cybercriminal gangs rely on spear phishing as a primary infection vector.

Successful phishing attacks can be disastrous for SMBs. Yet many remain unaware of the risks or don’t take measures to prevent them. According to statistics, 43% of SMBs fall victim to cyberattacks, and 60% of those victims will go out of business within six months. Of these attacks, phishing accounts for over 80% of security incidents that have been reported.

What Is Phishing?

Phishing is a type of cybercrime where bad actors target individuals or organizations by email, text, or telephone. How it works is that they impersonate a trusted entity, such as a well-known business or organization, and then try to lure their victims into sharing sensitive or proprietary information, or even their credentials or passwords to access sensitive accounts or business systems. The statistics show 94% of malware is delivered by email, with the majority of them being designed as phishing attacks.
To recognize a phishing attempt, people working in any organization should look for the following attributes when evaluating communication they’ve received.

• Gives a sense of urgency. Social engineers are all about triggering emotion. As such, they design their correspondence to get people to act without thinking. They commonly use fear tactics by striving to convince people bank accounts have been blocked, credit cards hacked, or that they are locked out of important accounts and need to provide sensitive information to regain or maintain access.
• Directs to click on a hyperlink. This is a clear warning sign if someone contacts and directs the recipient to click on an unsolicited hyperlink. These links often lead to dangerous websites or force malicious downloads to occur. If looked at closely, many of these otherwise seemingly innocent links have misspellings in them and don’t lead to the authentic website they’re impersonating.
• Sounds too good to be true. If an email or other communication offers something that is too good to be true, it probably is. Cybercriminals design their phishing attacks to entice people to be attracted to their scams by disguising them as something interesting, profitable, or fun.
• Directs to download an attachment. Schemers often send attachments in email and frame them to be something important or appealing. Unfortunately, they often contain malware and can compromise accounts or even shut users out of their devices.

According to the U.S. Federal Trade Commission (FTC), victims lost $57 million to phishing schemes over the course of a year. Individuals working for businesses often are snagged by phishermen when they’re told of a suspicious activity or log-in attempts, problems with payments, or are given fake invoices to download.

How Can You Avoid Phishing Scams?

Cybercriminals are getting clever with their exploits, but people can still take a number of proactive measures to decrease the chances someone in their organization will fall victim to a phisherman.

• Update software. All software, including browsers, being used on company equipment should be configured to update to the latest versions automatically and to accept security patches. This includes any mobile devices using company systems.
• Require multi-authentication. Passwords are essential, but if possible, use other credentials to log in to systems, such as an email or text to receive an additional passcode, or even devices to scan a biometric to ensure the individual is permitted access.
• Back up data. Never assume data and important systems will always be accessible. Running frequent backups will ensure data isn’t lost to ransomware or business continuity is interrupted.
• Educate employees. One of the best proactive measures requires communication – educate employees, so they understand what they need to know about the risks and inform them of ways to protect the organization. For instance, this could include information about how they should scrutinize emails before clicking on links, recognize spoofed email addresses, differentiate between legitimate and questionable contacts, and check hyperlinks, along with learning about current and new phishing techniques.

Additionally, SMBs should use tools to protect their systems and data. This includes quality firewalls, anti-phishing toolbars, anti-virus software, and pop-up blockers.

What to Do If You Get “Caught” in a Phishing Scam

No one should ever assume someone else reported the questionable scam. If your organization falls victim to a phishing scam, it’s vital to take quick action. If fast action isn’t taken, the company could suffer substantial financial losses through drained accounts, exposed private information of customers or employees, and being locked out of files or systems. Moreover, any data breach or other exposure by cybercriminals could result in significant damage to a company’s reputation. All of these events could financially ruin a company in a very short period of time.

If this happens to your St Joseph business, the first step is to report the incident to your company’s IT department. Your IT team should update security software and then run a thorough scan. Any malware should hopefully be eliminated. All passwords should be changed across the organization.

Once the company is secure, be sure to report it to the FTC at ReportFraud.ftc.gov. Additionally, any phishing email or text messages can be sent to the Anti-Phishing Working Group at reportphishing@apwg.org (text messages can be forwarded to SPAM, or 7726).

Phishing and ransomware are two of the most critical IT security problems today’s SMBs face. If your SMB could benefit from stronger cybersecurity or starting fresh with security processes, contact ProServ Business Systems today to speak with one of our IT specialists.