Unfortunately, there is an army of people in the world who seek to take advantage of business owners by misleading them and stealing their money. We recently got a distressed call from a customer who said she had received a call from somebody who said they represented Repair Shop Websites and that she was behind on her bill and needed to pay them right away. Thankfully, the customer did not act on the phone call, hung up, and called us immediately. As a business owner or manager, you have to be aware of what’s happening around you and alert at all times to any potentially manipulative or misleading attack. As soon as you let your defenses down, somebody can swoop in and steal your credentials and/or your money before you even know what happened.
What is Phishing?
The definitions of phishing vary, so I’ll highlight three that I think together encompass the full scope of it.
The Federal Trade Commission (FTC) says that phishing is when scammers use email or text messages to try to steal your passwords, account numbers, or Social Security numbers. They use that information to access your email, bank and other accounts, or they sell it to other scammers. The FTC also has a solid article on how to recognize and avoid phishing scams. (https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams)
Cisco defines phishing as the practice of sending fraudulent communications that appear to come from a legitimate and reputable source, usually through email and text messaging. Cisco also has a really good, in-depth portal about phishing with lots of information. (https://www.cisco.com/c/en/us/products/security/email-security/what-is-phishing.html)
And finally, the crowdsourced definition of phishing on Wikipedia is that phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware or ransomware.
Basic Protection from Phishing and Other Attacks
While phone calls are officially not included as phishing, it’s important to note that these types of social engineering attacks can come from email, phone, text, messenger systems (like Facebook), and any other platform you use to communicate with the world. You always need to have your radar up.
The best thing you can do if you receive something that you think is suspicious, no matter the source, is to directly call the person or company that the communication supposedly came from. As in the example above, our customer got off the phone with the liar and called us directly. You should do the same thing in every instance where something seems off. These attackers may imitate your bank, a business partner, business owner, phone provider, vendor, and anyone else who might get you to take an action.
Do not click on a link in an email or a text message from a suspicious source. This is one of the quickest ways for cyber attackers to get access to your personal information.
Do not open an attachment in an email or a text message from a suspicious source. This is another popular way to steal your credentials.
A business’s defenses are only as strong as its weakest link. Make sure to educate your team members about the importance of awareness. We use a company for security awareness training called KnowBe4 (https://www.knowbe4.com/) and one of their important messages is “Think before you click.”
Next Steps
Keeping your awareness level high and understanding that these attackers are out there is a big step toward protecting your business. Educating and training your team members and teammates is another one.
Continuously emphasize the importance of vigilance. You usually need to say something at least 12 to 24 times before people start to hear it. So if you feel like you are beating it into the ground…keep saying it.
Encouraging everybody to raise a flag if they see ANYTHING that could be suspicious is also important. You’d rather have 100 (or more) red flags raised than one successful attack.
Every business has its own risk factors. It’s important that you educate yourself about the details of phishing and other attacks so that you understand your biggest risks. The Cisco portal above does a great job of digging deep into several aspects of phishing. There are many other sources as well.
Continuous training can be very helpful. KnowBe4’s training is impactful and there are other options as well.
For additional information on other steps you can take to protect your business and your personal accounts, please read our blog Bad Passwords and 8 Other Cyber Security Errors to Avoid. (https://www.repairshopwebsites.com/bad-passwords-and-9-other-cyber-security-errors-to-avoid/)
We also recommend that you read our blog Facebook Messenger Scams Targeting Auto Repair Shops. (https://www.repairshopwebsites.com/facebook-messenger-scams-targeting-auto-repair-shops/) Cyber attackers have specifically focused on using Facebook Messenger and Instagram Messenger to target businesses over the last few years.
Please stay vigilant and if you have any questions, please contact us at 866-655-1605.