For years, cybersecurity’s biggest threat has been the ever-evolving technology used in phishing schemes, and it’s more than likely that you’ve already been targeted.
Since 2017, there has been a noticeable jump in the number of phony emails, spam phone calls and even suspicious text messages being sent by cybercriminals. Unfortunately, these tactics continue to work. According to Phishlabs’ 2019 report, there was a 40% increase in phishing attacks in 2018, with another 21% increase reported in the second half of 2019. And if you’re based in the United States, you’re even more likely to be at risk – Comodo reported that the U.S. has the highest number of phishing sites in the world.
Let’s take a closer look at these phishing schemes by examining who is at risk and reviewing the warning signs to look out for.
Who is Being Targeted?
Although cybercriminals certainly don’t discriminate, there seem to be several industries that are more likely than others to find security threats in their inboxes.
According to Statisa, businesses that deal in digital commerce, payment systems or that are in the financial sector are targeted more than others. Why? Because these companies typically have troves of personally identifiable information (PII) that can be extracted and used to tap into people’s accounts and identities.
But just because you’re not in the digital payment or financial industries does not mean you can let your guard down when it comes to cybersecurity. Small businesses are often at risk for phishing schemes because their budgets don’t allow for robust online security programs. In fact, Accenture reported that in 2019, 43% of cyberattacks were on small businesses, but unfortunately, only 14% had measures in place to protect themselves.
Many times, it seems hackers believe small businesses are easier to infiltrate with their realistic-looking emails, and for many harried, hard-working small business employees trying to clear out their inbox, it’s easy to accidentally click on an invasive link.
What Should You Look Out For?
Of course, getting your personal or business information hacked can happen at any time of the year, but there are certain times when it’s important to be extra vigilant, like during the holiday season or as income taxes are being filed. Since we’re in tax season, here’s what to keep an eye out for:
- Fake Calls from Larger Companies: In 2018, the top three companies being used as a cover for phishing were Microsoft, Google and Facebook, with several financial institutions like Chase and Wells Fargo not far behind. It’s important to be diligent when assessing phone calls from larger technology companies or banks. Often, these companies have stringent rules in place about never asking for certain information over the phone, so be sure to check before sharing anything about yourself.
- Voicemails Created with Voice Technology: Hackers have been utilizing new technologies that can create audio that mimics human voices, to the point where it’s difficult to notice the small differences between a real voice and a fake one. From small business owners to big-time CEOs, anyone could be at risk, like this CEO who was scammed out of a quarter of a million dollars in 2019.
- Replicate Log-In Pages: Phishing kits are a set of tools that can be purchased by hackers to completely replicate webpages to look legitimate. It’s an easy way to catch someone who isn’t paying attention – send an email saying you need to urgently check your account, and then after you enter your password information, hackers can use it however they please. It’s important to question emails that are “time-sensitive” and need you to log in immediately. Be sure to check the sender’s email address for validity before clicking on any links or call the institution to confirm the email.
- Gift Card Emails: A new scam has become popular especially around the holiday season. Cybercriminals will create a fake email that appears to come from an employee’s manager, president or CEO, asking them to purchase several gift cards and send them the number on the back. This scheme plays on an employee’s inherent drive to follow instructions and avoid disappointing their boss. If you receive an email like this, be sure to confirm with your management before making any purchases.
How Can You Protect Your Business?
Regardless of the size of your business, it’s important to follow cybersecurity protocol and ensure that your team is trained to spot potential threats. Here are our top tips on avoiding being a phishing scheme victim:
- If you receive an email that strikes you as ingenuine or worrisome, trust your gut – it probably is. Don’t click on any links, downloads or attachments in an email that looks suspicious and be sure to confirm with the sender before taking any action.
- If someone calls posing as a bank or a financial institution and asks you for personal information over the phone, don’t give it to them. It’s best practice to instead call the company directly and verify if it was them calling.
- If you’re asked to enter your login information, be sure to verify any URLs or email addresses that ask for this information before offering it.
- It’s important to discuss current cybercriminal trends with your employees, and stress that they reach out if they receive any phone calls, emails or texts that could be suspicious. Taking the time to create online security protocols for your business and employees can save your business lots of time and money in the future.
If you’re looking for more in-depth security for you and your business, it’s time to reach out to Switchfast. Our team can complete security audits on your assets and provide the IT management to ensure your sensitive information stays protected.