Emails scams are a common and increasing challenge for Australian business, with email being the second most popular delivery method for scammers.
The most common form of email scams is phishing scams, which is an attempt by scammers to trick you into giving out your personal or business information such as your bank account numbers, passwords and credit card numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day — and they’re often successful.
How To Identify Phishing Emails
Australians have lost nearly $1million to email phishing scams to-date in 2020, so it’s critical that you protect your business. Scammers are constantly updating their tactics, but there are some signs that will help you recognise a phishing email:
1. The Email Looks Genuine
Phishing emails may appear to come from a company you know or trust. They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store.
2. The Email Tells A Story
Phishing emails often tell a story to trick you into clicking on a link or opening an attachment. For instance, the email may:
- Say you must confirm business or personal information
- Ask you to click on a link to make a payment
- Claim that your eligible for a government refund or grant
- Include a fake invoice attachment
- Say they’ve noticed suspicious login attempts or activity
- Claim that there is a problem with a business account or payment information
How To Protect Your Business From Phishing Emails
Your email spam filters may keep many phishing emails out of your inbox. But scammers are always trying to outsmart spam filters, so it’s a good idea to add extra layers of protection. There are steps you can take today to protect your business from phishing attacks.
1. Use Security Software
Protect business computers, laptops, mobile phones and tablets by ensuring you use the latest security software, update this software automatically, and implement any security patches to deal with new threats
2. Secure Passwords and multi-factor authentication
Secure passwords are a key tool in protecting your business against cyber crime. Many accounts and applications now offer multi-factor authentication, meaning two or more credentials are required to log into an account. There are two categories of multi-factor authentication:
- Something you have – such as a passcode or password you receive via text message or authentication app
- Something you are – such as a retina, face or fingerprint scan
This makes it harder for scammers to access your accounts, even if they get your username and password.
3. Back up your data
It’s critical to protect your data with frequent backups, and ensure these backups aren’t connected to your network. Use external or cloud-based storage so even if a phishing attack occurs in your business, you have access to a reliable data backup.
4. Educate your staff
Most businesses blame cyber threats on outsiders but sometimes the threat actually originates from within when employees’ lack of awareness and/or negligence open the door. Educate your staff about the risk of cyber security threats, and how to identify potential threats such as phishing emails.
5. Stay up-to-date with the latest scams
Subscribe to regular scam alerts such produced by reputable IT companies such as Surety IT.
What To Do If you Suspect a Phishing Email
If your business receives an email that asks you to click on a link or attachment, ask the following questions:
1. Does the email look suspicious?
Use our above How To Identify A Phishing Email information as a guide
2. Do I have an account with the company or know the person contacting our business?
If the answer is no, this may well be a scam email.
3. Does the email look legitimate? Is this the way the contact normally communicates with us? Is the grammar correct? Does the email address match the genuine company email address?
Even if the email is from a known sender, if you are still suspicious, contact the company via phone or their website rather than click on email links. Confirm the email is genuine before you click on any links to avoid installing harmful malware.
What To Do If You Responded to a Phishing Email
If you believe a scammer may have obtained your information, take the following steps:
1. Update Your Software
If you think you clicked on a link or opened an attachment that downloaded harmful software, update your security software and run a scan, or contact your IT provider for expert assistance.
2. Report the Scam
If you got a phishing email or text message, report it to Scam Watch. Scamwatch is run by the Australian Competition and Consumer Commission (ACCC). It provides information to consumers and small businesses about how to recognise, avoid and report scams. The information you give can help fight the scammers.
3. Try to Limit the Damage
Unfortunately, if you’ve lost money to a scam or given out your personal details to a scammer, you’re unlikely to get your money back unless you have cyber crime insurance. However, Scam Watch provides information about the steps you can take straight away to limit the scam damage and protect yourself from further loss.
To protect your business from cyber crime, contact an expert IT company who can provide advice and assist with your cyber strategy and management.