How can you protect your small business from email phishing scams? This guide explains what to look out for and how you can avoid falling victim to scammers...
Scams come in all shapes and sizes, from dodgy emails to fake sites, on SMS or WhatsApp. There are lots of attacks, and these are growing in frequency.
Phishing attacks are the most common method used to breach organisations today and account for over 80% of successful attacks. All businesses, regardless of their size, will store information that is of value to cyber criminals, such as customer details or payment information.
Email phishing is a method used by cyber criminals to access valuable information, such as usernames and passwords or account details. The emails are often sent at random to thousands of people at a time claiming to come from a reputable company such as your bank or credit card company. The most commonly imitated brands include Apple, Netflix, HMRC and WhatsApp.
However, the scams can also be more targeted. Spear phishing is where someone acts as a trusted sender, like one of your clients or suppliers, in order to get you to divulge confidential information or transfer funds - invoice fraud is being seen with increasing regularity. Whilst this requires more research on their part, you and your employees are far more likely to send such information, or process payments, to someone that you trust.
The emails try to trick people into panicking and visiting a bogus website, usually by claiming they need to “verify” or “update” details, or “reactivate” an account. Senders will typically ask users to click a link to a website designed to harvest credentials, or open an attachment – usually malware – that can infect devices.
Sometimes a phishing email doesn’t include a link, but comes in the form of an unexpected invoice, perhaps threatening legal action if you don’t pay up immediately, or a more positive email promising that you are due a tax rebate.
Phishing attacks are an all-too-common threat, and can cause security breaches and data leaks for businesses, no matter how small. In 2019, 31% of small businesses identified cyber security breaches or attacks.
Sensitive information can often be compromised in an attack, including personal data, bank details and passwords. Staying GDPR compliant means it’s important to know how to protect data. Unfortunately, you can’t stop phishing emails from landing in your inbox, but you can learn how to spot suspicious activity and be prepared to deal with a spam email safely.
The most important question to ask yourself is: was I expecting this email? If the answer is no, then think before you click.
User education is vital. Teach your team how to spot fake emails and make sure they’re aware of the processes that are in place in your cyber security policy. Employees who don’t know how to spot a phishing attempt could put your organisation at serious risk. If your business employs multiple staff, it may be worth investing in an email monitoring service to scan all inbound links and attachments and quarantine suspicious emails before they reach their intended target.
It's important that you install and regularly update anti-virus protection across all of your organisation’s devices, including computers, tablets and mobile phones. Always patch software when new updates become available. Ideally, all software across all devices should be set to update automatically.
Using the same or similar passwords across a range of services can make it easy for hackers to access all of your accounts following a single breach. Use a password manager and create strong and varied passwords (using a mixture of letters, numbers and symbols) for each individual account.
If you’re unfortunate enough to have been fooled by a phishing attempt, remember, you’re not the only one. It’s important that you identify what information has been stolen or if a virus has been installed as soon as possible. If you’ve given out personal information, such as banking information or credit card details, contact the relevant companies immediately and let them know what has happened.
You can also contact Action Fraud, the UK’s national fraud and cyber-crime reporting centre. It provides a central point of contact for information and can help you report fraud if you’ve fallen victim.
With more small businesses now operating in the digital space as a result of the Coronavirus pandemic, we've seen a significant spike in cyber-crime, showing just how important it is to be vigilant. In response, XFE launched the Business Masterclass: Online Presence series, supported by ABF The Soldiers’ Charity.
These free half-day workshops, delivered virtually, allow both new and established business owners the opportunity to explore their online offering within the supportive environment of a facilitated group, and hear from invited experts in the field.
The next Masterclass takes place this Thursday and a few places remain available.
Ensure your business is in the best possible place to prosper within the 'new normal' - book your free place now.
The above article is an abridged version of a longer guide to protecting your small business against phishing scams which appears on our Knowledge Exchange Hub.