Phishing is an age-old cybercrime. It is the online version of being conned, and it has survived since the early days of the Internet for one obvious reason: it really works. The setup is typically a bad guy who poses as a trusted entity online to steal your personal information and extort money. These scammers sit at their computers and pretend to be legitimate, trusted companies or people you may know (like your bank, credit card issuer, coworker, or relative) as a way of tricking you into handing over personal information and even money.
Phishing comes in many forms, and phishing email scams are growing even more prevalent among small and midsized businesses. “Why?” you ask. You see, cybercriminals typically assume smaller business owners don’t have the resources and expertise that large companies have to defend themselves, making them a huge target.
If you’ve always believed your company isn’t vulnerable to an outside security threat, you’re not alone – 88% of companies believe the very same thing. But the reality is that if you’re opening emails, running a Facebook page, or even just accessing the Internet, you are a target.
A Recent Phishing Scam
In fact, we were recently hit with a phishing scam. In November 2015, our comptroller received what appeared to be an email from me. When you see the email below, it looks exactly like it’s coming from me. It even includes my picture and email address.
From her perspective, it’s not unusual for me to send these types of emails to request payments for various accounts. So, my comptroller fell for it and transferred $10,000 to this cybercriminal.
But something inside her didn’t feel right the moment she hit “send”. About four minutes after she transferred the funds, she called me to confirm this request was legit. As soon as she found out I had no idea what she was talking about, she called the bank and got the transfer stopped. Just a few more minutes and we would have lost $10,000!
With so much data online, this cybercriminal was able to pull our contact information and send my comptroller an email that looked exactly like it was coming from me but came from an outside email service. When she replied to the email to respond to my so-called request, she felt something was funny, but missed that the email return address was slightly different. Likely the funny feeling she had was her subconscious noting the wrong return address even when she wasn’t consciously aware of it. If it weren’t for her quick action to call me to verify, that cybercriminal would have gotten away with the money transfer.
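The slightly different return address described above is something a mail filter can check before a person ever has to notice it. The Python sketch below is an added example, not part of the original post: it assumes the "return address" is the message's Reply-To header, and the domain names, sample messages, and two-character similarity threshold are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw, company_domain):
    """Return a list of warnings for one raw message (headers plus body)."""
    msg = message_from_string(raw)
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    warnings = []
    # Replies silently routed to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # A domain that is almost, but not exactly, the company's own.
    for label, dom in (("From", from_dom), ("Reply-To", reply_dom)):
        if dom and dom != company_domain and edit_distance(dom, company_domain) <= 2:
            warnings.append(f"{label} domain {dom} is a near match for {company_domain}")
    return warnings

# Constructed sample messages; contoso.example is a placeholder company domain.
SPOOFED = (
    'From: "Pat Owner" <pat@contoso.example>\n'
    "Reply-To: pat@cont0so.example\n"
    "Subject: Payment request\n\n"
    "Please process the attached payment today.\n"
)
LEGIT = (
    'From: "Pat Owner" <pat@contoso.example>\n'
    "Subject: Payment request\n\n"
    "Please process the attached payment today.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, check_message(raw, "contoso.example"))
```

A check like this supports, and does not replace, the phone call that stopped the transfer in our case.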
Best Line of Defense
The reason I share this openly is that if it happened to me, it can happen to you, too. Small businesses can be particularly vulnerable because they often have fewer resources and defenses. Even if you consider yourself cyber-savvy, you still need to keep your guard up for any new tricks and be proactive about your safety.
To help protect your business from these types of phishing scam emails, here are 3 tips to get you started.
By implementing these precautions and best practices, you can help mitigate business risks associated with these types of cyberattacks and help stop cybercrime from happening to you.