Fraud Prevention: Protect your business from phishing
Phishing continues to be a pressing problem for businesses and their employees. For cybercriminals seeking to wreak havoc, phishing is cheap, effective and profitable. Verizon's 2018 Data Breach Investigations Report (DBIR) states that 76 percent of data breaches are financially motivated, the majority through phishing attacks. And according to Forbes, phishing scams cost American businesses about $500 million a year between October 2013 and December 2016.
“Unfortunately, phishing is one of the quickest and easiest ways to compromise a business,” says Jordan Martone, Assistant Vice President, Information Security Program Manager, Johnson Financial Group. “Technology defenses and security awareness training are critically important in order to avoid these damaging attacks.”
What is phishing?
Phishing combines technology with social engineering to deliver malicious code (like viruses or ransomware) or to obtain usernames, passwords, account numbers and other sensitive information.
Email represents the most prevalent form of phishing, but other means of attack include:
- Vishing, or voice phishing. These involve phone calls or voicemail messages requesting the recipient call a phone number to verify or enter account information. The message is often urgent and evokes an emotional response. One example: fraudulent calls purporting to be from the IRS threatening jail or legal action.
- Smishing, or SMS (text) phishing. This is similar to vishing, only using text messaging.
- Social media links. Phishers can exploit sites such as Facebook, Twitter and LinkedIn, dropping in malicious links or phone numbers.
- Fraudulent websites. Cyberthieves can create fake websites that look like their real counterparts. “Phishers have increasingly used HTTPS domains to fool users into thinking a malicious site is safe,” Martone says. The Anti‐Phishing Working Group reports that almost 20 percent of phishing sites in 2017 were on HTTPS domains.
How to Spot a Phishing Attempt
“Because so many phishing emails appear legitimate, it's important to examine individual elements of an email carefully,” Martone says. “Train your employees to recognize potential phishing attempts and encourage them to think critically about every communication they receive.”
Elements to consider include:
1. Details. Does the address match the sender name? Is it a non-corporate or foreign email address?
2. Body. Is there poor spelling or grammar? Is the voice authentic? If it is supposed to be from a business or person you know, does it contain language you know the sender is unlikely to use?
3. Subject line. Is the subject nonspecific, threatening, urgent or too good to be true?
4. Elements. Be cautious of links, attachments and login pages. If in doubt about a link or attachment, call or email the sender with an independently verified phone number or email address. Rather than click on a login page in an email, log in directly on a website using a known URL.
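The mechanically checkable items from the "Elements to consider" checklist (sender details, subject line, links and attachments), sketched as an added Python example that is not part of the original article. The organisation list, the keyword pattern and both sample messages are constructed assumptions; judging spelling and tone in the body stays with the reader.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: organisations staff deal with, mapped to the domain each really sends from.
KNOWN_ORGS = {"example bank": "examplebank.test"}
URGENT = re.compile(r"\b(urgent|immediately|suspended|verify|final notice|act now)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)
SHOWN_HOST = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)

def triage(msg, known_orgs=KNOWN_ORGS):
    """Return which checklist items a message trips. Tone and spelling stay a human call."""
    flags = []
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    # Details: the display name claims an organisation the address does not belong to.
    for org, real in known_orgs.items():
        if org in name.lower() and domain != real and not domain.endswith("." + real):
            flags.append("details")
            break
    # Subject line: pressure wording.
    if URGENT.search(str(msg["Subject"] or "")):
        flags.append("subject")
    # Elements: a link whose visible text names a different host than its real target.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    for target, text in LINK.findall(html):
        shown = SHOWN_HOST.search(text)
        if shown and shown.group(1).lower() != target.lower():
            flags.append("link")
            break
    # Elements: any attachment deserves a second look before opening.
    if any(True for _ in msg.iter_attachments()):
        flags.append("attachment")
    return flags

def build(sender, subject, html, attachment=None):
    """Build a constructed sample message (not real mail)."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content(html, subtype="html")
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m

PHISH = build('"Example Bank Support" <support@examp1e-alerts.test>', "URGENT: verify your account",
              '<a href="http://login.examp1e-alerts.test/x">https://www.examplebank.test/login</a>', "invoice.zip")
CLEAN = build('"Example Bank" <news@mail.examplebank.test>', "Your monthly statement is ready",
              '<a href="https://www.examplebank.test/s">www.examplebank.test</a>')
```

A message that trips none of these checks can still be phishing, so the result is a prompt for closer reading rather than a verdict.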
Suspicious emails should be reported to your IT department immediately. Businesses without a dedicated IT department can forward phishing emails to the Federal Trade Commission (FTC) at email@example.com and file a report at FTC.gov/complaint. You may also want to report phishing emails to the Anti‐Phishing Working Group at firstname.lastname@example.org.
Are you at risk?
“Some organizations believe they aren't vulnerable to phishing because they are so small,” Martone says. “However, research shows that hacking groups around the world often use a smaller business as a training ground to practice phishing before attacking a larger organization. Plus, scammers sometimes infiltrate a smaller organization – perhaps a vendor of a large company – in an attempt to attack the larger group.” That means every business, no matter the size, needs to develop a robust security protocol to help identify phishing attacks and avoid compromising the business.
Other Steps to Prevent Fraud
In addition to critically examining email elements, consider implementing the following to secure your business and employees from fraud:
- Use email spam filters and firewalls.
- Conduct security awareness training for all employees along with simulated phishing tests that provide immediate feedback.
- Consider partnering with a vendor that offers phishing simulations and web‐based training and education. “There are also free resources, such as the FBI and Federal Trade Commission (FTC), on how to deal with phishing,” Martone adds.
- Keep software and anti‐virus programs up‐to‐date, and make sure all security patches are installed.
- Make reporting a suspicious email as simple as possible. If you don't have an IT department with a reporting procedure, talk to your IT partner or internet service provider to see if they offer security services.
- Implement regular and secure back‐up and recovery processes so you can retrieve uncorrupted information and continue running your business, even if a breach occurs.
Your First Line of Defense
The best way to protect your business from phishing is to ensure you and your employees know what to look for. “Despite your best efforts, people make mistakes,” adds Martone. “The DBIR reports that 4 percent of targets will click on any given phishing email campaign. So be sure you have a good IT response team and plan in place to quickly address issues and keep damage to a minimum.”