One would think that, with all the awareness surrounding email phishing scams, they’d cease being such a threat to companies. However, that’s not the case, and no company is immune, considering tech giants Facebook and Google were scammed recently out of a staggering $100 million. How? A phishing scam involving a hacker impersonating a computer parts vendor. These phishing scams can escalate and put online businesses, like e-commerce sellers, on the MATCH list, which results in being blacklisted and unable to get approved as a merchant if they’re starting again. This would be a huge step back for a new business. To put it into context: MATCH stands for Member Alert to Control High-Risk Merchants and was started by Mastercard to protect customers; however, businesses can get burnt too.
Phishing scams trick executives, managers, accounting department personnel and other employees into sending money to fake vendors or giving out private information that lets hackers into financial institutions to funnel funds from there. The Federal Bureau of Investigation (FBI) reports that phishing scam artists stole at least $676 million in 2017, probably more if you take into account the incidents that were not reported.
Why are Phishing Scams so Successful?
We’re not psychologists, but we do know that phishing scams are a low-tech way to manipulate basic human nature. It’s our nature to think we’re smart and can’t be taken advantage of. It’s our nature to do our jobs and take care of business, such as accounts payable – whether we choose to use some form of Accounts Payable Software or otherwise. It’s our nature to open emails addressed directly to us. The more aware we become of attacks like phishing scams, the more hackers merely adapt their ploys to trick us.
Plus, it doesn’t help that the nature of email allows anyone to send anything to anyone and there’s no obvious way to tell whether a link or attachment is dangerous without clicking or opening it. This works in hackers’ favor since human nature is also to be curious.
The Business Tech Support Experts Weigh in on Ways to Counteract Phishing
Even with human nature, the nature of email and hackers’ fast adaptability at play, there are ways to protect your business from phishing scams and data breaches.
First easy way: Install and continuously update security software. Having anti-spam and anti-virus software in today’s business environment is non-negotiable, and it’s the easiest way to protect against data breaches and phishing scams. But software cannot and does not provide 100% protection, since threats change every day. With new threats arriving daily, security software isn’t a one-time “set it and forget it” thing. It must be updated on a regular basis.
Second easy way: Establish company standards for creating and changing passwords. Consider including the following rules:
- Do not use the same password for more than one account login.
- Do not use personal identifying information, such as name, birthday, etc.
- Do not use simple passwords, such as 123456 or password.
- Create passwords with at least 12-16 characters that consist of smaller words. Some sites require numbers, symbols, and lower and upper case letters to be mixed in, but random small words put together are the easiest passwords to create and remember.
- Change passwords every quarter.
Not-so-easy way: Fight human nature. Make phishing scams and data breach awareness an ongoing part of employee training and education. Teach employees to be suspicious and look out for:
- Misleading URLs (For example: a bank or vendor URL just slightly off)
- Overly long links
- New email formats which can be verified with a call to the sender
- Urgent requests with seemingly no need for urgency
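The first two warning signs can also be checked automatically before a link reaches an employee. The following is an added example, not part of the original article: the vendor domains, the 100-character threshold and the function names are all assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the company really deals with (assumption).
KNOWN_DOMAINS = ("examplebank.com", "parts-vendor.example")
MAX_URL_LENGTH = 100  # assumed threshold for an "overly long" link


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url):
    """Return the red flags found in one link (an empty list means none)."""
    flags = []
    host = (urlsplit(url).hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    if len(url) > MAX_URL_LENGTH:
        flags.append("overly long link")
    # An exact match or a real subdomain of a known vendor is not misleading.
    if host in KNOWN_DOMAINS or any(host.endswith("." + d) for d in KNOWN_DOMAINS):
        return flags
    for known in KNOWN_DOMAINS:
        if edit_distance(host, known) <= 2:
            # "Just slightly off": one or two characters differ from the real name.
            flags.append(f"looks like {known} but is {host}")
        elif known in host:
            # The real name is used as a prefix of someone else's domain.
            flags.append(f"{known} embedded in unrelated host {host}")
    return flags


if __name__ == "__main__":
    for link in ("https://www.examplebank.com/login",
                 "https://examp1ebank.com/login",
                 "https://examplebank.com.account-verify.example/login"):
        print(link, "->", check_link(link) or "no flags")
```

A flagged link is a reason to call the sender, not proof of fraud; a clean result does not make a link safe.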
Encourage and empower employees to pick up a phone or reach out to a sender to verify whether the request is valid before submitting any payment or information. In this day and age, vendors understand the necessity and will appreciate your company’s vigilance.
To be prepared for the worst, you can get your company insured by looking into cyber liability insurance. You might be familiar with general liability insurance, which is widely adopted by businesses as part of their risk management. Similarly, cyber liability insurance can provide coverage for cybercrimes like phishing, spoofing, ransomware, malware, and denial of service attacks.
As long as millions of dollars are to be had, hackers will continue with phishing scams and adjust them to whichever tactics are working at any given moment. If you need help protecting your business or more information to better educate your employees, contact Invision today for support.