For those of you who are not familiar with the phishing term, here is a simple definition: phishing consists in personal information theft (through any means) to get access to one’s bank accounts. Of course, the final goal is to steal money. Those who practice phishing are called cyber-criminals. In 2008, there were more than 5 million phishing victims in USA alone.
Cyber-criminals work with different methods and at different levels. They attack individuals, as well as businesses. Below, we will present the most common methods of phishing along with secure measures against them.
Be aware of the following threads and remember: caution is the best secure measure!
1. Phishing E-mail Messages
Generally, e-mail providers manage to detect phishing messages and they store them in the spam folder. But today, cyber-criminals get more and more skillful. So these dangerous messages can find a way to end up in your inbox folder. If this happens, here is how one can spot phishing e-mails:
- Bad grammar and spelling – the texts contain grammar and spelling mistakes. After all, cyber-criminals are not highly educated in English language. All companies have editors who check every single message before being delivered, so it impossible to receive a truly official e-mail with language errors. So, badly written messages are most of the times scams.
- Links – scam messages contain fake links. How else would they get access to your computer and accounts? Cyber-criminals don’t know spelling, but they are amazing with technology. They get notifications when users open the scam e-mail and then, they wait for the big moment: when someone clicks on the link. From then on, cyber-criminals have access to everything – correspondence, accounts, computer files, and so on.
- Threats – cyber-criminals use threats to persuade people to click on the link. For example, they could say that your account is going to be deleted if you don’t access that link and read some messages.
- Signature of famous companies – graphic designers create logos of well-known companies and pretend the message is from them. The most popular scam is the e-mail sent from fake Facebook, telling users they have important unread messages.
How to secure your e-mails
First of all, use a very strong password. This must contain upper case letters, low case letters, symbols and numbers. Secondly, don’t use the same password for all e-mail accounts. For this operation, you could use a tool named 1password. It generates really difficult passkeys that you don’t have to remember because it synchronizes with all devices. Then, there are websites that generate complex passwords too, like passwordsgenerator.net.
Do never connect to unsecured networks! These are the easiest ways for cyber-criminals to get into your computer. If you need portable internet, just use a password protected stick.
Turn off HTML email. If you do this, the e-mail provider will display the raw URL address of a link. Thus, when you receive e-mails from banks or social networks, you can compare the URL address. If it is not the same with the address you know it belongs to that certain company, then delete the message.
Encrypt your e-mails. In this way, you will be the only one to see the message. Those who attempt to break in will only have access to a bunch of letters and symbols.
In the end, report any phishing attempts to your e-mail provider!
2. Phishing Phone Calls
In this case, criminals call individuals and pretend they are from bank, from the internet provider, from the computer support, etc. Their purpose is to get as much personal information as possible from you: the bank account number, name, personal ID, computer password, internet IP, and so on.
In order to protect your personal data, don’t answer these questions. If the bank needs something from you, you can go there personally. And this is the best solution for the internet provider too, and any other company that really needs personal data update.
3. How Phishing Affects Businesses
The first change is seen in the customers’ behavior. More and more individuals avoid online shopping and online financial transactions. For example, researchers have shown that 63% of customers failed to complete a purchase due to security concerns. Businesses are affected by these problems, because their sales go down. There are thousands of companies working only in the online environment. They have put all the resources in here, and not selling the products is not a viable option.
Then, cyber-criminals can hack your website and trick customers into revealing personal info. The next step is to steal their money. If this happens, people will never trust your company again! This only translates into zero products sold in the future. Not to mention the bad reputation that victims will spread on social networks.
How to secure your business
The first step is to implement a secure tool on the website. Most companies use SSL. This one does the job, but there is something better out there – EV SSL security.
Extended Validation SSL works like this:
- Turns the web address bar green – in this way, customers will know their personal data is secure.
- It displays the name of the website’s owner and the one of the security provider.
Actually, EV SSL offers the most secure authentication available today. Cyber-criminals cannot turn address bars green and they cannot fake display a company’s name in this location.
Also, it is essential to choose a SSL provider with a great reputation in the field. Then, clearly state on your website that all financial transactions are highly protected by this third-party. It will be a good idea to create a separate page where customers can learn about EV SSL protection. All these things will make them trust your business and complete purchasing actions.
Business owners must be aware of scam e-mails coming from payment websites, like PayPal, for example. Cyber-criminals try to fool you into clicking on a fake PayPal link by sending scam withdrawing reports and so on.
Also, they now have improved the techniques and use what is called to be Unicode override. So cyber-criminals send e-mails with infected attachments that look pretty inoffensive: instead of a clearly damaging attachment called 2015_ann[u+131e]fdp.exe, users can receive the same virus, but now called 2015_annexe.pdf. Thus, you would think this is a harmless PDF document!
It is vital to educate all your employees about the dangers of phishing and ways to spot it. If one single employee makes the mistake of clicking on a link or downloading an attachment, the company is compromised – now, cybercriminals have access to the entire network and to all computers.
In conclusion, the number one protection against phishing is education. People must know how to detect scam e-mails, fake messages, dangerous attachments, scam phone calls, unsecured websites and so on.