You do a great job protecting your workplace with locks on the doors, cameras keeping an eye on inventory, and background checks on your employees — but you may have given little thought to protection against scams. Today’s online scam artists often use phishing techniques that threaten your company’s security. Simply training your staff to recognize a phishing email and deal with it appropriately can add an important layer of protection to your business, possibly even saving it thousands of dollars.
What Do Phishing Scams Look Like?
Cyber criminals have gotten far more sophisticated than the "Nigerian-princes-offering-you-money" scams of old. Now, one of the top schemes used to steal your money or sensitive data is phishing. A phishing email tricks you into clicking a link that leads you to a fraudulent webpage. Once you’re on that page, the fake site collects personal information — possibly including private identity data, bank account information, or passwords — and often installs malware on your computer. In fact, 91% of all malware arrives via phishing emails.
Phishing emails are sometimes easy to spot due to misspellings or fake logos that shouldn’t fool anyone. Sometimes, though, they are extremely sophisticated, filled with personal information that leads you to believe they’re real, or written in an urgent tone that demands a response. That panic-inducing message from your bank claiming your account has been compromised is probably a phishing email that tempts you to click just to see if everything’s okay.
Tips for Recognizing a Phishing Email
You may feel that you’re able to recognize fraudulent emails and therefore you’re safe. While that may be true, your company can be in big trouble if one of your employees fails to spot a phishing attempt when they see it. Just one click, and suddenly a malicious stranger could have access to your entire network.
Teach your employees how to recognize phishing emails by looking for the following signs:
- Look for email addresses that are close but not exact. For instance, a phishing address may end in ".co" rather than the expected ".com" or ".ca".
- Verify all links included in the body of the email by hovering over the link to see what URL it actually goes to.
- Look for logos that feel a bit off, as well as misspellings or grammatical errors in emails from reputable institutions such as banks or government offices.
- Be suspicious of emails that request passwords, personal information, or money.
The most important rule: Don’t click on links, and don’t download attachments unless you’re positive you know the sender — and feel free to check with that sender before clicking on anything.
How to Protect Your Business From Phishing Scams
You can protect your business from the malicious effects of phishers by, first, training your employees to recognize phishing emails and to dispose of them properly. To do this, each employee should delete any phishing email from their mailbox and from the trash as well. If any employee mistakenly clicks on a link in a phishing email, they should immediately run anti-virus software to get rid of any malware on their system.
Make sure employees feel comfortable reporting the small mistake of clicking on a spam link by establishing a simple protocol for reporting phishing incidents. You don’t want an employee’s fear of getting in trouble to allow great damage to your proprietary information and your network. In addition, help protect others by reporting phishing attempts to the Spam Reporting Centre of the Canadian Anti-Fraud Centre.
When you train employees to recognize scam emails and establish a protocol for reporting email scams, you add a valuable layer of protection to your online activities and data.