Have you ever received an email that asked you for a password or secure login? Do you wonder whether your client information is secure enough?
Every year, American businesses lose more than $500 million to a type of cyber attack called phishing. Despite a major push to secure client data, businesses of every size fall victim to sophisticated email scams.
If you need more information about phishing scams, this article's for you. We'll give you the lowdown on phishing schemes and help you get started with securing your data.
How Prevalent are Phishing Scams?
If you're wondering how to avoid phishing scams, there's an easy answer. Delete all suspicious emails.
But how can you tell if an email is fake? Even businesses with over-the-top security protocols have a hard time separating fact from fiction.
A Lithuanian hacker recently plead guilty to receiving more than $100 million from Facebook and Google. He sent fake emails on behalf of a real company and didn't get caught for three years.
There are several types of phishing scams. Is your company vulnerable? The answer is, unfortunately, yes.
Smishing
Phishing has become so prevalent that nobody is immune. You might think that your cell phone is protected from hackers and that your text messages are safe.
What you need to know, however, is that smishing is becoming increasingly common. Smishing means phishing via SMS, or text message. Lately the trend has been a random text message asking you to verify a code.
You might receive a message that seems legitimate. It might tell you to "click on this link and put in your password. Update your information so we don't close your account."
What you need to know is that legitimate businesses will not pressure you to change your login or give your password to them. They're more likely to contact you by mail or via an email.
Vishing
Another form of phishing is called vishing, or phone-based phishing. A hacker will call you directly via phone, posing as a representative of your company or one of your clients.
They will probably know your name and place of business. They might ask you for your credit card number, your bank account and routing information, or a password.
Hackers might pose as representatives of the IRS, asking you to make a payment due to an audit. If you haven't received anything via regular mail, you can be sure that the phone call is a scam.
In general, it's best to avoid giving out personal information over the phone.
Whaling
Vishing and whaling are two sides of the same coin, but whaling targets C-level executives. Hackers target upper management with realistic-seeming emails and phone calls.
They might ask for a status update on a wire transfer or pose as a banking representative. Hackers might even pose as human resources or accounting employees, a tactic that often works in large companies.
When you're reporting phishing scams, you should contact the Federal Trade Commission. Keep the emails that you receive and record phone calls, if possible.
Search Engine Phishing
In addition to phone and email phishing scams, search engine phishing is a common ploy. Instead of sending emails, hackers create fake websites that are designed to fool the average consumer.
You might think that you're clicking on Amazon.com, but you're really clicking on Amazon.org. It's a subtle difference, and some fake websites resemble the real thing in every aspect.
If you think that you're being targeted for malware, email phishing scams, or "spoofed" websites, it might be time to contract with a managed IT provider. They can proactively install software updates and help secure your client data.
Spear Phishing
Only one-quarter of all small- and medium-sized businesses consider themselves secure and invulnerable to a phishing attack. The reality is, however, that using the internet for non-work purposes could leave you wide open to a data breach.
Facebook phishing scams are a great way to deliver malware to your computer, especially if you're using the website at work. Hackers personalize their attacks, enticing social media users to click on outside links.
Once you've left the security of the social media site, you'll be asked to put in your credit card information or bank account passcode.
If you surf the web at work, you could be giving hackers access to all the client data you access from your terminal. Is your business secure?
Moving Client Data to the Cloud
The one thing that all phishing scams have in common is the need for data. Client data, personal data, and financial information.
To get started, talk to your IT provider about the security protocols you have in place. Ask them to do a security audit and to make recommendations about how to improve your security.
One easy way to lock down your clients' data is to move your data storage offsite. Remote data storage is referred to as "cloud storage," and it has advantages for businesses of every size.
You'll have access to IT techs who specialize in cloud storage and cyber-security. You'll also have a secure backup of client files in case of a hacking attack.
You may have to restrict employee access to the internet, however, to cut down on phishing scams that could infect your work computers.
Get Started with Managed IT Services
The first step toward a secure workplace is to talk with an Cloud IT provider. They will have an objective perspective and will deliver a report detailing your security threats.
Cyber attacks aren't going away, so it's up to us to secure our client records and personal information. It takes constant vigilance to avoid phishing scams, but we can help. Contact us @ 602-754-0101
