Success is a trap

How to protect your business from phishing scams

Geoff Scott

Fishing can be an exceptionally relaxing way to spend a sunny autumn afternoon. That is, unless you’re the fish. The more contemporary concept of phishing scams puts everyone, from ordinary web surfers to marketers to high-level eCommerce executives, on the opposite end of the fishing pole.

What are phishing scams?

Put simply: Phishing scams are attempts by an outside source — generally a person or enterprise of questionable moral character — to pilfer your personal information for their own financial gain. And they cast a wide, effective net — costing companies roughly half a billion dollars per year in the U.S. alone.

Being able to avoid the bait set every day by hackers and scam artists is an important skill to cultivate for all internet users. And if you’re running any aspect of your business online, getting caught will cost you.

3 ways to protect your business from phishing scams

To help you steer clear of future headaches, here are three key ways to protect your business from the vast number of phishing scams lurking on the web:

  1. Use antivirus software.

  2. Migrate to HTTPS.

  3. Preach the importance of safe email use.

Let’s look at each strategy in more detail.

1. Use (and be sure to update) your antivirus software

Technology is your friend when it comes to circumventing clever phishing scams. Sometimes a phisher’s attempt might be so obvious we can’t believe they’d even try it — but this is unfortunately not always the case. In such situations, it’s crucial to have the right antivirus software in place.

There are a variety of tools and antivirus software services available online for business owners looking to fortify their website. Some are more expensive, others are free (but have exclusive features for paid customers only). Or if you believe your website has already been hacked, there are companies that will take time to clean up every instance of malware on your site.

Once your antivirus software is live, don’t just set it and forget it.

Viruses are constantly changing. Leaving all of your company data in the hands of out-of-date software is asking for trouble. Studies have found that out-of-date antivirus software is similar to having no antivirus protection at all, so make sure such updates are being handled on a regular basis.

Lastly, to reiterate the importance of having effective antivirus technology, understand that there are breach notification laws in all 50 states today. Not only will falling for phishing scams compromise the data of you and your users, but you’ll also need to publicly acknowledge your failure to keep the personal information of your customers safe. A data and PR nightmare, to be sure.

2. Migrate your website to HTTPS (and watch out for HTTPS scams)


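One type of phishing that is less publicized but equally dangerous is referred to as pharming, in which visitors are silently redirected to a fraudulent copy of a site, and it can affect your website without a single affirmative action (like clicking a link or downloading an attachment). HTTPS prevents this from occurring (and more) by encrypting the data that moves to and from your site and by letting browsers verify, through your certificate, that they have reached the real server.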

Keep in mind that while HTTPS protects your own website to a great extent, seeing it on another website doesn’t mean that URL is necessarily safe. Phishers have learned to exploit SSL certificates, which give a website its “HTTPS” encryption designation, by obtaining them for deceptive domains of their own. As of March 2017, there were 988 HTTPS websites with some variation of “PayPal” in their URL. Be vigilant for such clearly devious domain names, because they are out there in droves — waiting to capture the credit card numbers and banking information of unsuspecting web users.

3. Preach the importance of safe email use

Even with all of the antivirus technology in the world at your disposal, user error can still lead to company data getting compromised. All it takes is one wrong click inside an inbox.

Phony emails that trick users into divulging their personal information are prevalent all around the world, and they’re only on the rise as automation makes sending out bulk messages easier than ever.

If even one employee fell for a single one of these email phishing scams, it could mean big trouble for your business.

Not to mention, emails are one of the oldest internet scams out there. Phishers have had time to refine their skills over the years. Some now even specifically take aim at company executives (a process known as whaling) to nab high-level access to all kinds of company/employee data. As technology continues to improve, phishers are growing trickier.

Signs of phishing

One common example that highlights the growing sophistication of phishing scams is the fake PayPal email. This popular phishing tactic has spread so much and grown so realistic that PayPal even addresses such emails on their own website, and provides ideas on how to tell if an email is actually from their company or from a scam artist.

Some of the things they mention to watch out for (which can be applied to most phishing scams) include:

  • Generic email greetings (PayPal has your full name on record and uses it).
  • Misleading links (ones that take you to a different page than the one described in the text).
  • Attachments (PayPal doesn’t send any, ever).
  • Grammar mistakes (phishers operate all around the world, but frequently target English-speaking users).
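
The first three signs in this list can be checked mechanically before a message reaches an employee. The Python below is an added example, not code from the original article or from PayPal: it parses a raw message and reports generic greetings, links whose visible address differs from their real destination, and attachments. The greeting patterns, the sample message and the `.example` domain are constructed for illustration; grammar mistakes are not checked.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed patterns: impersonal greetings, and link text that itself looks like a URL.
GENERIC = re.compile(r"\b(dear|hello|hi),?\s+(valued\s+)?(customer|user|member|client)\b", re.I)
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class BodyParser(HTMLParser):
    """Collects visible text and (href, link text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def host(url):
    """Hostname of a URL or bare domain, lower-cased, without a leading www."""
    name = urlparse(url if "//" in url else "//" + url).hostname or ""
    return name.lower().removeprefix("www.")

def phishing_signs(raw: bytes) -> list[str]:
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body, parser, signs = msg.get_body(("html", "plain")), BodyParser(), []
    parser.feed(body.get_content() if body else "")
    if GENERIC.search(" ".join(parser.text)):
        signs.append("generic greeting")
    for href, label in parser.links:
        # Only flag links whose text claims one site while the href points to another.
        if URL_LIKE.match(label) and host(label) != host(href):
            signs.append(f"misleading link: shows {host(label)}, goes to {host(href)}")
    signs += [f"attachment: {p.get_filename()}" for p in msg.iter_attachments()]
    return signs

def constructed_sample() -> bytes:
    """Constructed test message; the sender and destination domain are made up."""
    m = EmailMessage()
    m["From"], m["Subject"] = "service@paypal.com.account-check.example", "Account limited"
    m.set_content("See the HTML version.")
    m.add_alternative('<p>Dear Customer,</p><p>Confirm your details at '
        '<a href="http://paypal.com.account-check.example/login">https://www.paypal.com/signin</a>'
        ' or read our <a href="https://www.paypal.com/">help page</a>.</p>', subtype="html")
    m.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip", filename="invoice.zip")
    return m.as_bytes()
```

Calling `phishing_signs(constructed_sample())` reports all three signs; a link labelled with plain words such as "help page" is not flagged, because only link text that claims to be an address can contradict its destination.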

Make sure your employees are aware of what’s at stake when it comes to safe email use. Building a culture of skepticism where suspicious emails are treated with caution is a big step toward protecting your business from the negative effects of email phishing.

You can never be too cautious

Online phishing scams are born out of vulnerabilities. If one hacker or fraudster finds a situation that can be exploited, they are going to do so. Just like the email phishing scam that preyed on users’ anxiety about having their domain shut down unless they clicked a link, these con artists will use psychology, technology and craftiness to exploit anyone or any situation they can.

However, it’s not all doom and gloom for internet merchants.

If you invest in the digital security of your business, train employees to be critical of suspicious emails, and maintain a proactive rather than reactive attitude about data protection, you’ll be able to (ideally) avert every potential phishing crisis that rears its ugly head.