When it comes to protecting your small business from cyber attacks, you shouldn’t just be on the lookout for sophisticated hacks. Phishing emails, phone calls, and text messages are becoming increasingly common, and although they appear to be quite simple, they can be very dangerous for those who receive them. A phishing attack can cause a business to experience reputational damage with clients and customers, financial losses, data leaks, or even legal trouble.
What is phishing?
Phishing is a type of cybercrime where fraudulent communications are used to trick users into revealing sensitive information, like passwords or credit card information. Generally, phishing lures are disguised in the form of text messages, websites or emails from seemingly legitimate sources.
Phishing attempts can occur through a number different of mediums, including email, phone calls, text messaging or even faxing. Sometimes phishing schemes will target large groups of users at once, employing a strategy known as “volume mailers,” or they’ll be more specific and direct their efforts toward a business area, such as a call center or finance department. In some instances, they’ll even target their phishing emails or phone calls to a specific role (e.g. a finance clerk) or individual. For instance, they may reach out to the CFO or owner of a small company, since they have the most direct access to the company’s finances.
Who is at risk of phishing attacks?
There’s a common misconception that cybercriminals only target larger companies, but those of all shapes and sizes are at risk. In fact, 54 per cent of email scams target small businesses. In some cases, smaller companies can be easier to hack since they often lack the resources and protective barriers that larger ones rely on fend off cyber hackers. They can also be a vulnerable entry point to go after larger vendors or suppliers.
54 per cent of email scams target small businesses.
Examples of common phishing scams
The more emotionally charged the message, the more likely you are to click a link in an e-mail or comply with what is asked during a phone call before really considering all the details. The most recent approach to phishing scams is making use of the COVID-19 pandemic to take advantage of people who are worried about the virus.
Scammers have posed as health professionals claiming to represent organizations like The Canadian Red Cross or World Health Organization, in order to trick people into downloading malware or clicking malicious links. However, it doesn’t stop at emails. Phishing attempts connected to COVID-19 have also come in the form of spam phone calls and text messages.
Historically, hackers have also impersonated the Canada Revenue Agency, especially during tax season, or law enforcement officers, using emails or phone calls to extract personal information and money from their victims.
How to spot a phishing email
It’s vital that every employee of a small business knows how to spot a phishing email, so they don’t accidentally click a dangerous link or send out information they shouldn’t. Learning a few quick tricks on how to spot a suspicious email can save your business a lot of money and time in the future. Below, we outline some tips:
- Be suspicious:
- First, ask yourself a few questions like, “Was this an email I was expecting?” or “Do I normally do business with this person?” Sometimes phishing emails are meant to make us panic, claiming things like information has been stolen, and then offering a quick fix. Be wary of emails like this, as they’re generally a scam.
- When in doubt, proofread:
- Sometimes hackers will miss spelling mistakes and bad grammar. Read any communications you receive very carefully, and if you do spot some mistakes, be wary.
- Check e-mail addresses and links:
- Some phishing emails will be sent from email addresses you can immediately tell are not legitimate. In other cases, you may have to use your mouse to hover over the name of the email sender to see the address it came from. If someone claims they are emailing you from a trusted financial institution, but their email address doesn’t end in that institutions name, that could be a red flag. It’s also important to hover over any links that are included in the email to make sure the URL matches the one it purports to lead to.
- Be on the lookout for calls to action:
- In order for a phishing email or phone call to be successful, they need the recipient to take some sort of action, whether that be providing your login credentials, clicking a link, or performing a certain task. Be on the lookout for calls to action. Does the email request information from you? Does it ask you for your username or password, or want you to login to a website to access something? Does it contain links or an attachment you weren’t expecting? If it does include any of these requests, make sure to use some of the other tips provided to make sure it’s from a legitimate source.
Cyber insurance can help
Despite all of your precautions and employee training, sometimes a phishing email or phone call can be successful and lead to a range of problems for your business. You may have to deal with financial losses, data leaks, reputational damage with clients and customers, or even legal trouble. Cyber risk insurance can help with the costs of some of these issues and ensure your bottom line isn’t negatively impacted. Visit our cyber risk insurance page today to learn more about how we can help your business!
This blog is provided for information only and is not a substitute for professional advice. We make no representations or warranties regarding the accuracy or completeness of the information and will not be responsible for any loss arising out of reliance on the information. Terms, conditions and exclusions apply to coverage. See policy for details.