WARNING: Here is What Every Small or Midsize Business Needs to Know About Phishing Scams

Jun 17, 2020 | Network Security Compliance

According to the website www.phishing.org,  “Phishing is a cybercrime in which a target or targets are contacted by e-mail, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.”

By now, if you have been in front of your computer for any period of time, you will have noticed the increase in spam e-mails claiming to support you during the COVID-19 Pandemic in various ways such as expediting the IRS’ stimulus check, helping complete Paycheck Payment Program Loans, finding cleaning supplies, etc. Most of these e-mails appear to come from government agencies or reputable businesses. A closer look will help you see that these e-mails are possibly being sent by people who have nothing to do with those agencies or businesses. They are “phishing” for information.

Statista.com indicates that at the end of April 2019 there were an estimated 293.6 billion e-mails sent around the globe and a whopping 55% of these e-mails were spam. An estimated 1 out of every 99 spam e-mails is a phishing e-mail, sent by malicious attackers who are disguised as legitimate companies and/or organizations with the intent to steal information from unaware users. We also learned that 41% of attacks impersonated trusted companies and asked victims to divulge personal information. Another alarming finding was that 65% of phishing telephone calls made on Fridays succeeded.

It is important that your staff is aware that phishing can happen to anyone, but there are proactive steps they can take to identify and prevent phishing. These steps can include:

  • Look for Generic Greetings. Most phishing e-mails are not addressed to anyone in particular.  They can include greetings such as “All:” or Hello {e-mail username}, etc.
  • Notice Misspellings, Poor Grammar, and Odd Phrasing. Most phishing e-mails are poorly written. As an example, the following text comes from an e-mail received by one of our staff members, “Good day to you please kindly confirm that you are available at your desk we would like to request a quote for some equipment kindly get back to me as soon as you can.” I guess punctuation was lost in the transmission! 
  • Examine the Sender’s E-Mail Address. Always look at the e-mail address from the sender. You will be surprised by how many times e-mails seem to come from a staff member and actually have an unknown address, e.g. Adam Smith <quick.reply123@gmail.com>.
  • Look for Urgency or Demanding Actions. Most phishing e-mails demand that an action be taken immediately or a negative consequence will follow, e.g. “All employees are required to read the attached policy immediately please reply to this e-mail before {date} or as soon as you read them.”
  • Carefully Check All Links. Avoid clicking on links to documents and/or unsecured websites provided in the body of the e-mail until you have confirmed the e-mail is legitimate; not doing so could result in a virus infecting your computer.
  • Check the Validity of the Attachment Before Opening It. Similarly, make sure that attachments are meant for you. If you are not in Accounts Payable, do not open an attachment titled “Invoice”; if you are, check that the sender is someone you actually do business with.
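
The sender, greeting, urgency and link checks from the list above can be partly automated when triaging reported mail. The Python example below is an added example, not code from the original article; the domain `example.com`, the staff-name set, the phrase list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed values for this example: your own mail domain, staff names, phrases.
ORG_DOMAIN = "example.com"
STAFF_NAMES = {"adam smith"}
URGENCY = re.compile(r"\b(immediately|urgent|as soon as|right away)\b", re.I)
PLAIN_HTTP = re.compile(r"http://[^\s\"'<>]+", re.I)


def phishing_indicators(raw_message: str) -> list:
    """Return the checklist items from the article that this message trips."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    findings = []

    # Sender check: a colleague's display name on an outside address.
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if name.strip().lower() in STAFF_NAMES and domain != ORG_DOMAIN:
        findings.append("sender-mismatch")

    # Generic greeting: "All:" or a greeting built from the mailbox name.
    _, to_addr = parseaddr(str(msg.get("To", "")))
    username = to_addr.partition("@")[0].lower()
    lines = [ln.strip().lower() for ln in body.splitlines() if ln.strip()]
    first_line = lines[0] if lines else ""
    if first_line.startswith("all:") or (
        username and first_line.startswith(f"hello {username}")
    ):
        findings.append("generic-greeting")

    # Pressure to act now, and links that do not use HTTPS.
    if URGENCY.search(body):
        findings.append("urgency")
    if PLAIN_HTTP.search(body):
        findings.append("plain-http-link")
    return findings


# Constructed sample message (not a real e-mail).
SAMPLE = """\
From: Adam Smith <quick.reply123@gmail.com>
To: jdoe@example.com
Subject: Policy update

Hello jdoe,
All employees are required to read the attached policy immediately.
http://policies.example.net/read
"""
```

A message that trips none of these checks is not thereby proven legitimate; the output is a prompt for the manual review the list describes.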

The use of spam filters is highly recommended to reduce the number of malicious e-mails. Make sure that these filters are well managed. This means that whenever you receive a suspicious e-mail you instruct your filter to block the sender’s domain. The effort that you invest in managing your spam filter will greatly reduce the potential for falling prey to an attack.

As mentioned earlier, be aware that phishing can happen to all of us. Train yourself to catch suspicious e-mails and to block them with your spam filter, and when in doubt, ask your IT support for help.
