Don’t Take the Bait
Phishing attacks put companies, customers at risk
In today’s digital age, cyberattacks are very common, and that makes them very dangerous to both businesses and their customers. One of the ways cybercriminals are getting more sophisticated is via a practice known as phishing.
Phishing is a fraudulent act of someone sending an email that is supposedly from a trusted company to get the recipient to give out personal data like credit or banking account information, website passwords, or more. They don’t merely attack private individuals though; these days, they are going for bigger fish – they want to trick business employees into revealing information that, in turn, causes major financial losses.
According to a 2019 study done by the Ponemon Institute involving more than 500 organizations from 16 countries across 17 different industries, the average cost of a data breach to a business was nearly $4 million, with the U.S. suffering the most expensive average of a little over $8 million. That was an increase of 1.5% from a previous study the institute did in 2018 and more than a 12% rise since a study done in 2014.
These phishing attacks harm a business not only financially through the attack itself; they also cause customers to lose faith and trust in it, so the business continues to lose money due to damage to its reputation. Because of that, many businesses are doing things such as hiring special cybersecurity companies that work to protect them and their customers from phishing schemes.
Cybercrooks are way more sophisticated than in the past. They are doing things such as impersonating trusted entities like a bank, a credit card company, or even employee human resources portals. The email could even use someone’s real name, unlike in the past, when it may have merely been addressed generically by saying “account holder.”
Plus, they now are using real company logos and letterhead, so it is even harder to detect the fake from the real thing. For example, the email may come from firstname.lastname@example.org instead of email@example.com, so you have to go over each and every email carefully prior to responding and never just automatically breeze through an email, click on links or provide information blindly.
Furthermore, phishers tend to use Bitly, a tool that shortens web addresses, so that their links can bypass email filters; teach your employees not to click on unknown or shortened links in emails. Plus, the email may take an aggressive tone or tell the recipient that some sort of dire problem is going to happen if he or she doesn’t do a certain task, thereby frightening that person into completing the act before he or she has a chance to think about it rationally.
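The warning signs described above (a sender address that does not match the trusted company, shortened links, and a threatening or urgent tone) can also be checked automatically before a message reaches an employee. The following is an added example, not part of the original article; the trusted domain, the list of link shorteners and the urgency phrases are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this sketch (not from the article): the trusted domain,
# the shortener list and the urgency phrases are illustrative placeholders.
TRUSTED_DOMAINS = {"example.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URGENCY = ("immediately", "within 24 hours", "account will be suspended", "final notice")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def triage(raw):
    """Return a sorted list of warning flags for one raw email message."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = set()
    if domain not in TRUSTED_DOMAINS:
        flags.add("untrusted-sender-domain")
        # Display name uses a trusted brand, but the address is not on its domain.
        if any(d.split(".")[0] in display.lower() for d in TRUSTED_DOMAINS):
            flags.add("display-name-impersonation")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            flags.add("shortened-link")  # real destination is hidden from the reader
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(phrase in text for phrase in URGENCY):
        flags.add("urgent-tone")
    return sorted(flags)

# Constructed sample message (not a real email).
SAMPLE = """From: "Example Bank Support" <support@example.org>
To: employee@example.com
Subject: Final notice: verify your account

Your account will be suspended unless you confirm your password
within 24 hours: https://bit.ly/xxxxxxx
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The flags are triage hints for a human reviewer or a mail filter, not a verdict; a message with none of them can still be a phish.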
Employees need to be trained to detect such fake emails, and their clients also need to learn how to read emails in a responsible fashion so they won’t be tricked into providing personal or a company’s private information. Cyber experts also recommend that companies utilize tools like anti-impersonation technology, sender reputation scoring, secure messaging, multifactor authentication tools and password managers.
The bottom line is that phishing attacks are no joking matter and can bring down both small and large businesses with ease if they aren’t paying attention.
Therefore, it is a vital issue for any business to train its employees on how to fight against them, as well as help inform customers how to protect themselves against a phishing attack. Be vigilant and aware, or the next data breach could happen to your business and ruin the lives and finances of you and your customers forever.