In today’s world, that old saying has been updated and modified.
Now, cybercrooks go phishing for information from individuals and businesses. The scammers don’t come right out and say, “Can you give me your email address and password so I can steal thousands of dollars from you?” Instead, they also take the indirect approach…through phishing.
They use all sorts of trickery—well-disguised lies and deceit—to extract valuable information from businesses and their employees. Their bag of tricks includes emails, texts and fake websites that seem to be legitimate to lure you in. Once you’re hooked, they can reel in all types of company secrets and steal boatloads of dollars.
• Why employees make good victims.
• The signs of a phishing attempt.
• What happens when victims are hooked.
• How to thwart phishing attempts.
Cybercrime cost individuals and businesses more than $4 billion in losses in 2020, according to an FBI report. The tricks scammers use on citizens are easily adapted for businesses of all sizes, with phishing attacks leading the list of scams reported to the FBI.
• They may also fall into a routine and be somewhat complacent, which makes them susceptible to a phishing attempt
• If there are a few hundred employees in your company, one employee may not be familiar with who is on your executive team and could be easily fooled by an email from someone posing as a high-level authority, which is known as business email compromise, or BEC
Phishing emails (and sometimes texts) are designed to trick you into believing that the message is from a trustworthy source, such as a person or company you know. Here are some of the possibilities:
• The scammer might impersonate a vendor that is sending an invoice
• The message could appear to come from an important client
• It could look as if a coworker has sent a message
No matter who these con artists are or their skill level, they will still generally take the same approach:
• The message will come from a fictitious person at the same company or from a fake or impersonated person from a different company
• The message will direct the reader to take some type of quick action—urgency is always a factor because the scammer knows he will get only one chance and must make the best of it
If the recipient isn’t careful, isn’t paying attention or is rushed, they might respond to the email (believing the sender and the request are legitimate) and take the action requested by the scammer:
• Downloading fake invoices and forwarding them, with approval for payment
• Providing passwords to networks or to the company intranet
• Divulging sensitive company information such as employee names, phone numbers, email addresses or account numbers
• Clicking on email links that infect computers and company networks with malware, perhaps even ransomware
No matter the size of the company, it is vitally important for business owners and management teams to fully understand and be aware of phishing attempts and to have some type of cyber-readiness plan in place to help thwart them and prevent losses:
• Look at the return address of an email and verify that it is (and not simply looks) legitimate
• NEVER click on an attachment without ensuring the sender is 100% legitimate—most malware is launched by employees clicking on dangerous links
• If a request seems odd or out of the ordinary—even if it seems to be from someone you know—call the person or department directly to verify the request
• Do not reply to an email unless you are certain it is safe to do so
• Do not call any numbers listed in the email message or visit listed websites
• See if the website address has the “secure” symbol and begins with “https”—scammers often won’t bother to secure their fake websites, though “https” on its own does not prove a site is legitimate
• Do an internet search of the organization by typing in the name and adding the word “scam” after it
• You can also do a search using the exact wording of the email message itself or the subject line of the email—many times that helps uncover a phishing attempt or other scam
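For teams that want to automate the first check in the list above, here is an added example (not part of the original article) that looks at a message's headers for three of the signs described: a sender domain that only resembles a trusted one, a reply address that differs from the sender, and urgent wording in the subject. The trusted domains, word list and sample messages are constructed placeholders.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your business really corresponds with (placeholders).
TRUSTED_DOMAINS = ("acme-supplies.example", "ourcompany.example")
URGENCY_WORDS = ("urgent", "immediately", "asap", "today", "right away")

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def lookalike_of(domain):
    """Trusted domain that `domain` nearly matches without being equal to it."""
    for trusted in TRUSTED_DOMAINS:
        similar = SequenceMatcher(None, domain, trusted).ratio() >= 0.9
        if domain != trusted and similar:
            return trusted
    return None

def phishing_signs(raw_message):
    """Return the warning signs found in a raw message's headers."""
    msg = message_from_string(raw_message)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    signs = []
    near = None if sender in TRUSTED_DOMAINS else lookalike_of(sender)
    if near:  # looks legitimate, but is not
        signs.append("lookalike-domain:" + near)
    if reply_to and reply_to != sender:  # replies go somewhere else
        signs.append("reply-to-mismatch")
    subject = (msg["Subject"] or "").lower()
    if any(word in subject for word in URGENCY_WORDS):
        signs.append("urgency")
    return signs

# Constructed sample messages (not real mail).
SUSPICIOUS = "\n".join([
    'From: "Accounts Payable" <billing@acme-supp1ies.example>',
    "Reply-To: payments@freemail.example",
    "Subject: URGENT: invoice overdue, pay today",
    "", "Please approve the attached invoice.",
])
CLEAN = "\n".join([
    "From: Jane <jane@ourcompany.example>",
    "Subject: Lunch menu for Friday",
    "", "See attached.",
])

if __name__ == "__main__":
    print(phishing_signs(SUSPICIOUS))
    print(phishing_signs(CLEAN))
```

A message that raises none of these signs is not thereby verified, since header fields can be forged; an unusual request still calls for the phone check described above.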
For more information on protecting your business from business fraud and other dangers, visit the Banc of California Business Insights page on the Banc of California website. It provides valuable information from business experts on a variety of topics, including cybersecurity.