Common Phishing Attacks and What to Do About Them

It is important to keep your small business safe from danger, which includes common phishing attacks. You’ve worked hard to build a reputable, profitable organization, and it deserves to be protected. Unfortunately, there are threats to your business around every corner. In this post, we’ll focus on one of the most frequent digital threats – phishing.

What is “Phishing?”

The Federal Trade Commission (FTC) reports that “phishing is a type of online scam that targets consumers by sending them an email that appears to be from a well-known source.” ^[1] Federal Trade Commission Consumer Advice. “How To Recognize and Avoid Phishing Scams.” Accessed July 30, 2019. In other words, a hacker sends an email to you or someone in your business disguised as important information from a crucial vendor, customer, or high-level employee. Typically, the hacker will do their research and make the email as official-looking as possible, encouraging you to open it. Once you do so, your entire business could be at risk.

Common Phishing Attacks

Research shows that employees receive 4.8 phishing emails in a 5-day work week. Nearly 30% of those emails typically make it past default security, which puts your business at risk. Unfortunately, these attacks have seen a high success rate in recent years, empowering hackers to launch more of them. Today, phishing attacks are global and affect every region of the economy.

There are many types of phishing scams, but about half are malware attacks. ^[2] Small Business Trends. “Common Phishing Traps to Avoid.” Accessed July 30, 2019. In a malware attack, a hidden link triggers a download to our device. Once downloaded, the file gives the hacker access to your system. This could allow them to hold your device hostage, steal credit card information, spy on operations, and more.

The other most common type of phishing scam is called “credential harvesting.” Through this type of attack, a hacker attempts to steal username and password information. Often, they will impersonate a trusted brand to convince you to reset your password or payment information. Your information is then directly sent to the hacker, allowing them to easily tamper with your account or even charge items to your credit card. This is one of the main reasons you should never use the same password across multiple accounts! Chances are, the hacker will try your password in many places.

What Can I do About It?

Here are some measures you can take to protect yourself and your business.

• Implement an email security platform. An email security platform can catch attacks before they reach your inbox. Some great options are available from companies like Cisco, Barracuda, Microsoft, and more. Make sure your choice includes intelligent scanning, full-suite protection, and layered security.
• Educate employees on the dangers of phishing emails and encourage them never to click on anything that seems suspicious.
• If you suspect an email may be a phishing attack, do not open it. Instead, contact your IT expert or simply delete the email. This infographic provides additional statistics on phishing via Small Business Trends.

Secure Merchant Services

If you implement the right security measures and stay informed of the latest phishing trends, you can effectively protect your business and gain peace of mind.

Kurv offers high-quality, secure payment processing services to merchants across the nation. We have been PCI Level-1 Certified for more than a decade because we believe in payment security and continue to fight data compromise. The PCI Security Standards Council monitors threats and works to improve the way we handle them by enhancing the PCI Security Standards and training security professionals ^[3] PCI Security Standards Council. “About Us.” Accessed July 30, 2019. . We are proudly PCI-compliant because we always have our merchants’ best interests in mind.

If you’re looking for a new solution to securely process payments and manage your business, contact us today!