There's nothing like getting scammed — you get to enjoy talking with your bank for hours to secure a new account, you have the fun opportunity to change every password for every account you have, and you get to gather everyone in the company to tell them their personal information is at risk! All jokes aside, we know being scammed is stressful and harmful, especially for businesses.
That's why it's better to take the time now to protect yourself from a phishing scam than have to deal with the repercussions later on. Below, we've gathered different examples of phishing scams and some tips and tricks to help you protect yourself and your business below.
What Does a Phishing Scam Look Like?
Almost everyone has experienced emails, texts or phone calls where they can immediately tell that something isn't right. The poor grammar and claims we've randomly won a free trip typically clue us in that we're being deceived. However, as scammers continue to perfect their techniques, it becomes increasingly more difficult to tell whether one of these messages is a scam.
What if the link looks legitimate? What if the email comes from a government agency? How about messages with perfect grammar and even some personal information about yourself? Spotting a phishing attempt has become more difficult since the early days of technology, but there are still a few things to look out for that can help you identify a phishing attempt.
You might be looking at a phishing attempt if you notice:
- Phrases like “Immediate action required” or “Contact us immediately about your account.”
- Claims that there have been suspicious activity or login attempts with your account.
- Promises of gifts.
- Phrases like “Dear customer” or other impersonal language.
- Excessive encouragement for you to click links or download files.
- Requests to verify personal information like your Social Security number, password or financial information.
Phishing attempts are becoming more creative and convincing (annoying, right?). No matter how good you are at figuring them out, phishing attempts still pose a huge risk to your business. All it takes is one person within the company to click a link, and you've been compromised.
How Many Types of Phishing Scams Are There?
There are many phishing scams and ways criminals will try to steal your information. Nothing is off limits, and cybercriminals will try anything and everything to get what they want.
Some lesser-known phishing scams include:
- HTTPS phishing
- Pop-up phishing
- Clone phishing
- Search engine phishing
Typically, for businesses, we see phishing attempts through targeted emails. Below, we've provided more in-depth context and examples of phishing attacks that are more likely to target your business.
1. Email Phishing
Oh, email phishing — we've all experienced it at least once. Most scammers have caught on and upped their game to create more convincing and realistic-looking emails. If you're someone who deals with a lot of emails from a work account, going through your long inbox list can be mentally draining. By the time you've gone through a few emails, you may not be as vigilant at checking the legitimacy of each one.
Scammers have become better and better at imitating real companies. If you have a feeling something is off with an email, you're probably right. Cybercriminals may know what services, websites or people you interact with and may disguise themselves as one of these trusted brands. So, always verify the email address is legitimate (correct domain and spelling), don't click on links and be wary of any emails that contain large images with little to no body text.
2. Spear Phishing
Spear phishing takes email phishing to a whole new level. With this type of scam, cybercriminals have personal information they can use to make their email seem more legitimate.
Examples of personal information phishing scams may use includes:
- Job title
- Place of employment
- Specific information about your role within a company
- Knowledge of clients or other businesses you interact with
This type of phishing attempt is good at making you believe it's real. The criminal uses information they gather from the company website, social media or other databases to create a personalized email. Often, with this type of phishing, the scammer sends the email from an account posing as an internal employee of the company, getting you to let your guard down even more.
3. CEO Fraud or Whaling
We all want to impress our bosses, so when they ask us to do something, we jump on it right away to give a good impression. What if the request doesn't actually come from your boss, though? Welcome to whaling, where criminals pose as a superior or even as the company's CEO to trick employees.
These requests are often related to money transfers, or they may ask you to review a document (the “document” is really just disguised malware). These criminals rely on you wanting to please your boss so that you're willing to overlook certain aspects or do something even if it feels a bit wrong or out of character. Remember, these attempts use the tactics of spear phishing and include personal information to really sell the idea that this is a real request from your boss.
4. Vishing and Smishing
Vishing and smishing (yes, these are real words) take the same approach as the various types of email phishing, but the method of communication is over the phone. These scams can happen either over a phone call (vishing) or over SMS text messaging (smishing).
Vishing is when a scammer calls you to speak about an extremely urgent message. These scammers try to use scare tactics to confuse you and create urgency so you handle the issue promptly. They pretend to be on your side, claiming they're there to help, when in reality, they're tricking you into disclosing personal information, which they can then steal.
Smishing contains similar content as email phishing attempts, but these criminals typically choose to pose as your bank instead of a college or boss. These messages seem urgent and alert you of “suspicious activity” on your account that you have to click the provided link to review. This link leads to a fake site that will then require you to input your banking details or other private information, which these fraudsters can use to access your real account.
Tips for Avoiding Phishing Attacks
Protecting yourself and your business from phishing attacks is crucial. Unfortunately, cybercriminals are never going to want to stop stealing information and money (you're just so awesome that they can't stay away). Investing in the best cyber protection practices and staying informed are some of the key ways to keep yourself safe from these criminals.
We've gathered some more tips for avoiding phishing attacks:
1. Double Check Every Website's Security
Did you know you can actually learn a lot about a site before even clicking on the link? Learning how to identify a legitimate website just by reading a link is a pretty cool skill to have. As scammers continue to get more discreet, reading a link before clicking on it or while on a website is no longer a foolproof way to identify fraudulent sites, but it's still a good first step and useful knowledge to have.
Before clicking on a link, always look for “HTTPS” at the beginning, not just “HTTP.” That one little “s” makes a huge difference here. HTTPS is used for encrypted and secure websites, and these websites are harder for scammers to impersonate. The chances of a website being secure go up with the addition of those five letters at the beginning of the URL.
Another way to check the validity of a site is by looking for the little lock icon next to the URL while on a webpage. Go ahead and look up at our URL — you'll see a lock icon in front of our URL in the browser search bar. This icon is always a good indication of a secure website.
2. Enable an Anti-Phishing Toolbar
Sometimes, things slip by us, and we may not notice a phishing attempt right away. Taking the time now to install an anti-phishing toolbar can help stop you from interacting with a phishing attempt any further. This toolbar compares the site you're on to a known database of phishing websites and will alert you if the website is fraudulent.
3. Keep Your Browser Up-to-Date
Stop clicking “Remind me later” for your software and browser updates. We're all guilty of doing it now and again, but these updates typically contain new security measures to help better protect you from phishing, so it's very important to keep your browser up to date.
Your browser isn't making updates for fun. If there's an update, most likely, your browser provider has identified new security loopholes, scams and techniques cybercriminals are using. Doing the update will address and better secure you from these issues.
4. Use Firewalls
Firewalls are a must, especially for businesses. There should be an overall firewall for your company-wide network and individual firewalls for each computer.
Firewalls act as a barrier between you and outside intruders who want to gain access to all of the information you have. Properly securing your business through firewalls can reduce the risk of phishing and hacking attacks.
5. Stay Informed
The look of phishing attempts is always changing, so it's important to stay up-to-date on the newest types of attempts and how they look. The more familiar you are with how these attacks look, the better you can identify them and avoid falling victim to them.
Employee training on phishing is also crucial. Awareness about phishing attacks should be emphasized and accompanied by proper training. You'll also want to make sure you have a solid plan in place for what employees should do if they receive an email they believe to be a phishing attempt.
You may even want to consider running programs that send employees fake phishing emails to help them better identify these types of attacks, so they can be more prepared if a real attempt does come along.
6. Say No to Pop-Ups
Most people tend to not enjoy pop-up ads appearing over the content they're reading or watching. So, if you haven't already chosen to enable a pop-up blocker on your computer, you should do so now. This allows you to enjoy your content in peace and it also acts as anti-phishing software.
How? Well, pop-up ads can actually be disguised malware — once you click on the ad, you'll be redirected to a phishing site. These ads are clever, too. Sometimes, the button to exit out of the pop-up is actually a hidden link to get you to their fraudulent website. Always look for the small “x” in the upper corner of the pop-up and only use this button to close the advertisement.
7. Be Stingy With Your Information
Don't go giving your information away to just anybody. If someone requests information about you or the company, verify this person is who they say they are, and that the information is necessary to share. A best practice is to never share personal information over email.
There should always be a secure form, account or server this information can be passed through. If someone asks for financial or personal information over email and wants to bypass more professional documentation to “speed up the process,” this should be a clear indicator of deceit.
8. Keep an Eye on Your Accounts
As we become more digital-centric, we continue to make more accounts on more websites, apps and programs. From banking to social media, these accounts store a lot of private, sensitive information. This is the same for businesses. It's crucial to regularly check your accounts to make sure they're still secure.
If you don't regularly check your accounts, you may not notice you've fallen victim to a scam until way later. When a scammer takes your information, they won't be kind enough to give you a confirmation that you've just been scammed — you'll only notice it once you see unauthorized bank statements or weird account activity.
Checking your accounts routinely can help you identify any scams and address them sooner rather than later and get your business back to a secure level.
9. Use Antivirus Software
If you want to protect your business's data, antivirus software is a no-brainer. Antivirus software checks all of the files you view or download for any malware, which can put your mind at ease because you'll know your software is there to protect you. With regular and consistent updates, this software will also be aware of any new or unique scamming or hacking techniques that have surfaced.
Keep Scammers Away With Services From Eden Data
We know you're passionate about your business, but are you passionate about data security? We are! At Eden Data, we make it our mission to secure and protect your data. Leave the data protection to us, so you can focus on the things you do best, like running your successful business.