Avoiding phishing attacks for small businesses
Phishing attacks involve incoming messages that seek to trick the recipient into divulging private information or trick them into making a payment to the scammer’s bank account.
The messages are normally by email but could be by any type of incoming messages such as online chat, text message and or redirection to a malicious web page.
While bigger companies will have strict procedures and IT policies, smaller companies can be vulnerable to this type of attack as they won’t have the same level of protection or staff training in place.
Our recent experience with a phishing attack
Recently we had a near-miss with a very sophisticated phishing attack.
We run an e-commerce website on behalf of a client so often handle enquiries, process orders by phone, email or website admin – Just Dining chairs
Therefore it was no surprise to get an email from a Hotmail email account asking if we were interested in providing an urgent quote for a job.
We replied confirming that we would and they sent back an email with a strange pdf document with a link to the project specification documents. When we clicked on the link it took us to a rather strange website that wanted us to log in with the email and password from our email accounts. This immediately rang alarm bells and we checked the URL and it was confirmed as a suspected phishing site.
The fact is that there are many well-known methods for sharing documents and large files such as Google Drive, Dropbox etc. Once a scammer has the email and password from one of your email accounts then there is the possibility of using this to steal financial information, blackmail you or get up to some other mischief.
Sending £5,200 to the wrong account through an email scam
In this day and age of Internet banking, transferring money is wonderfully easy, but does come with the risk on money going to the wrong place. The Guardian recently reported on a scam involving a small business that was tricked into sending money to a scammers bank account – Lloyds customer loses £5,200 in email scam – but can’t get refund
Surrey businesswoman Kate Levers was the latest victim of a fast-growing email scam, where a fraudster hacks into a company’s emails and poses as a legitimate contractor requiring payment, but to a new account.
The fraud occurred after she set up a bank transfer which she had been expecting. She then received a second email from the contractor asking her to make the payment to a different account. The second email was not genuine, and the new Lloyds account to which she sent the £5,200 was controlled by fraudsters. Previous victims of this scam have lost significantly larger sums.
The case is now under investigation by the Met Police but it highlights the need for constant vigilance. Once someone has your email account details they can set up the type of scam described.
How to Spot a Phishing Email
Some of the most common ways to spot a phishing email include:
- Fake email addresses: Phishing emails use fake email addresses that imitate a known brand, such as Apple, Adobe etc
- Impersonal messages: Phishing emails don’t address you by your name. Instead, they use general addresses like “Dear Apple User.”
- Fear tactics: Phishing emails use scare tactics like threats to close accounts to create a sense of urgency and cause you to make hasty or impulsive decisions that can prove disastrous.
- Bad spelling or grammar: scammers rarely spell well and often English isn’t their strong point.
- Faked URLs: hold your mouse over the URL in the message – has it been spoofed i.e. the displayed URL is very different from the actual destination URL.
- Asking to confirm personal information: your bank or other body should already have this information so be very suspicious of anyone that asks for it.
The speed and efficiency of communication via the Internet is a thing of wonder however with this great power comes the risk of being scammed. We provide excellent quality and secure web hosting including email accounts and hosted exchange email click this link for information: web and email hosting
We are happy to advise on any cyber security concerns that you may have.
Here are some guidelines that may help: