What’s a phishing scam, and how do you protect your business from them?

Online threats can take many forms.

But of the different types, a phishing attack is one of the most likely to affect your business. A good antivirus will sniff out viruses, a spam filter should hopefully pick out any malware or compromised files in your inbox, but a phishing attack? That requires you to be on the lookout and not give up any important info to the wrong people.

Recently, we’ve noticed quite a few clients that have received sophisticated phishing emails. So, we thought it’s a good time to provide actionable tips to help protect your business from these kinds of attacks.

 

But first, what is a phishing attack?

Phishing (sometimes called social engineering) is when someone uses emails, phone calls, or text messages to trick you into giving up sensitive information. From the infamous “Nigerian Prince” scam in the early days of the internet, to a fake email warning you that your Facebook account is about to be deactivated, this type of cyber threat is varied.

 

What do you look for when spotting a phishing attack?

Since phishing scams rely on you voluntarily giving up information, it’s important that you triple check any emails or websites asking you for sensitive details. Some easy details that can tip you off to a phishing email:

  • An unusual or different email address

  • Websites that don’t look quite right

  • A person or company you haven’t worked with in a while suddenly reaching out with an invoice

What to do if you think you’re being phished?

First of all, make sure you reach out to the person or company if you’re suspicious. Ideally, give them a call on a number you’ve used previously, or Google their business and get their details that way. Don’t rely on any information in the email as the attackers may have set up phone numbers or fake emails to intercept any contacts trying to verify the attack.

Alternatively, a managed email service, like the one we offer at NQBE Integrated IT, can help vet any suspicious attempts on your behalf and advise you on how to protect yourself.

 

Okay, so what if I accidentally gave up my details?

Don’t be embarrassed, some of the phishing attempts we’ve seen recently have been very sophisticated. It’s easy to be tricked, especially if you are expecting something legitimate.

First and foremost, depending on what information you gave up, you’ll need to do a few things.

  • If it was a username and password, login and try to change it immediately.

  • If you can, double check if there’s any information in the account that could also be compromised (think credit card details, other login credentials, 2FA details, etc).

    • If you can’t login, try and recover the account immediately by contacting the company in charge, let them know you’ve been scammed and get them to freeze your account while they verify your identity

  • If you gave up credit/debit card details, contact your bank immediately and freeze the account.

    • Also get them to double-check any purchases made after you entered the details and see if they can be reversed.

  • Lastly if you had your email compromised, reach out to your clients/suppliers, IT provider, and anyone else you work with regularly and let them know that you’ve been hacked. The scammer may use your address book to reach out to them impersonating you so they can attack more people.

If you want to tighten up your cyber security, or have any concerns about your verification processes, NQBE Integrated IT is here to help. Contact us today and we’ll help equip your team to spot these attacks and keep your business safe.

Rebel Nation