One would think that, with all the awareness surrounding email phishing scams, they would cease to be such a threat to companies. However, that’s not the case, and no company is immune: tech giants Facebook and Google were recently scammed out of a staggering $100 million. How? A phishing scam involving a hacker impersonating a computer parts vendor.
Phishing scams trick executives, managers, accounting department personnel and other employees into sending money to fake vendors or giving out private information that lets hackers into financial institutions to funnel funds from there. The Federal Bureau of Investigation (FBI) reports that phishing scam artists stole at least $676 million in 2017, probably more if you take into account the incidents that were not reported.
Why are Phishing Scams so Successful?
We’re not psychologists, but we do know that phishing scams are a low-tech way to manipulate basic human nature. It’s our nature to think we’re smart and can’t be taken advantage of. It’s our nature to do our jobs and take care of business, such as accounts payable. It’s our nature to open emails addressed directly to us. The more aware we become of attacks like phishing scams, the more hackers merely adapt their ploys to trick us.
Plus, it doesn’t help that the nature of email allows anyone to send anything to anyone and there’s no obvious way to tell whether a link or attachment is dangerous without clicking or opening it. This works in hackers’ favor since human nature is also to be curious.
The Small Business Tech Support Experts Weigh in on Ways to Counteract Phishing
Even with human nature, the nature of email and hackers’ fast adaptability at play, there are ways to protect your small business from phishing scams and data breaches.
First easy way: Install and continuously update security software. Having anti-spam and anti-virus software in today’s business environment is non-negotiable, and it’s the easiest way to protect against data breaches and phishing scams. But software cannot and does not provide 100% protection, since threats change every day. With new threats coming at you on a daily basis, security software isn’t a one-time “set it and forget it” thing. Security software must be updated on a regular basis.
Second easy way: Establish company standards for creating and changing passwords. Consider including the following rules:
- Do not use the same password for more than one account login.
- Do not use personal identifying information, such as name, birthday, etc.
- Do not use simple passwords, such as 123456 or password.
- Create passwords with at least 12-16 characters that consist of smaller words. Some sites require numbers, symbols, and lower and upper case letters to be mixed in, but random small words put together are the easiest passwords to create and remember.
- Change passwords every quarter.
Not-so-easy way: Fight human nature. Make phishing scams and data breach awareness an ongoing part of employee training and education. Teach employees to be suspicious and look out for:
- Misleading URLs (For example: a bank or vendor URL just slightly off)
- Overly long links
- New email formats which can be verified with a call to the sender
- Urgent requests with seemingly no need for urgency
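The first two warning signs above (a URL that is just slightly off, and an overly long link) can also be checked by a mail filter or a helpdesk script. The following is an added example, not part of the original article; the known-domain list, the 100-character limit and the edit-distance cutoff of 2 are assumptions, and the domains are constructed samples.

```python
from urllib.parse import urlsplit

# Assumption: a hand-maintained list of domains the business really deals with.
KNOWN_DOMAINS = {"mybank.example", "partsvendor.example"}
MAX_URL_LENGTH = 100  # assumption: anything longer counts as "overly long"


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_link(url, known=KNOWN_DOMAINS, max_len=MAX_URL_LENGTH):
    """Return a list of warnings for one link taken from an email."""
    host = (urlsplit(url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if not host:
        return ["no host name in link"]
    warnings = []
    if len(url) > max_len:
        warnings.append("overly long link")
    # An exact match, or a subdomain of a known domain, is treated as genuine.
    if any(host == d or host.endswith("." + d) for d in known):
        return warnings
    for d in sorted(known):
        if edit_distance(host, d) <= 2:
            # One or two characters away from a real vendor: "slightly off".
            warnings.append(f"looks like {d} but is {host}")
        elif d in host:
            # Real name used as a prefix of somebody else's domain.
            warnings.append(f"contains {d} but belongs to another domain")
    return warnings


if __name__ == "__main__":
    for link in ("https://www.partsvendor.example/invoice",
                 "https://partsvend0r.example/invoice"):
        print(link, "->", check_link(link) or "no warnings")
```

A link that passes these checks is not proven safe; a phone call to the sender remains the deciding step for payment requests.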
Encourage and empower employees to pick up a phone or reach out to a sender to verify whether the request is valid before submitting any payment or information. In this day and age, vendors understand the necessity and will appreciate your company’s vigilance.
As long as millions of dollars are to be had, hackers will continue with phishing scams and adjust them according to whichever tactics are working at any given moment. If you need help protecting your small business or more information to better educate your employees, contact Invision today for support.