One cyber attack could derail your organization, costing you not just time and money, but also damaging your reputation. According to the FTC, phishing schemes cost individuals and businesses in the United States over $330 million in 2022 alone, more than double the reported losses from the previous year and a 500% increase over a five-year period.
Unfortunately, businesses and their employees are targeted with advanced email phishing attacks and text message scams every single day. These tactics have become much more common because they are effective ways to exploit personal and corporate security.
There are many factors that have led to the increase in these schemes, but what’s most important is being able to identify them and avoid the consequences of falling victim.
Recognize Phishing Attempts
To start out, here are a few tactics that are commonly used by potential scammers. It’s possible you will already recognize some of them. Being aware of these tactics can help you avoid them.
They Pretend to Be Someone You Know
You receive an email or text claiming to be from a friend, colleague or associate who asks you to click a link or share information.
An Urgent Request
The message you receive claims it’s an emergency situation — for example, a supervisor saying a task needs to be completed immediately. This lowers your defenses and plays on your desire to help them.
It Looks Real
The message comes from an email address that looks legitimate at first sight, but upon closer examination doesn’t match the company website or name. Scammers use familiar names and hope you won’t look at every detail to notice misspelled URLs or false email addresses.
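As an added illustration (not part of the original article), here is one way a mail team could automate that "closer examination" of the sender address. The allow-list, the example.com domains and the function names are assumptions made up for this sketch.

```python
from email.utils import parseaddr

# Constructed allow-list: domains you really correspond with, mapped to the
# display name people expect to see. Replace with your own.
TRUSTED = {"example.com": "example corp", "examplebank.com": "example bank"}

# Character swaps commonly used to make a misspelled domain look right.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def skeleton(domain):
    """Collapse look-alike characters so 'examp1e' compares equal to 'example'."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance, used to catch dropped or swapped letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Classify a From header against the allow-list."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower()
    if any(domain == d or domain.endswith("." + d) for d in TRUSTED):
        return "trusted"
    for good in TRUSTED:
        if (skeleton(domain) == skeleton(good)        # examp1e.com, exarnple.com
                or edit_distance(domain, good) <= 2   # exampel.com
                or domain.startswith(good + ".")):    # example.com.verify-login.net
            return f"lookalike of {good}"
    for good, name in TRUSTED.items():
        if name in display.lower():                   # right name, wrong domain
            return f"display name impersonates {good}"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample header.
    print(check_sender("Example Corp <billing@examp1e.com>"))
```

A "lookalike" result is a reason to hold the message for review, not proof of fraud; an edit-distance threshold of 2 will occasionally match unrelated short domains.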
Often, scammers will try to gain access or sensitive information by claiming there has already been a fraudulent login attempt on an existing account. In your haste to secure or recover your account, you may actually be entering sensitive information on a fake website, giving the hackers access.
It's very possible you would recognize a false website URL, but a QR code is much harder to evaluate. Spam filters also have a harder time assessing images included in attachments. Malicious QR codes have been used to steal login credentials.
Avoid Falling Victim
So how do you avoid becoming the latest victim of a phishing scheme? Here are a few things to keep in mind. These attacks are becoming so common that it’s not a matter of if, but when you or your business will be targeted.
When In Doubt, Call
If you receive a suspicious email or text, contact that person through a trusted method that you know isn't compromised. Even the number in the signature line of their email could be fake, as it is possible to invade an ongoing email chain, where impersonators can change contact information to make sure the call comes to them.
Be Aware of Impersonation
Artificial intelligence introduces greater risk to unsuspecting victims. Scammers are now using AI to craft specific and pointed email and text message-based attacks. Additionally, attackers are now able to replicate voices by using past recordings.
Always Use Two-Factor Authentication
Most online services offer two-factor authentication, and many now require it. This system offers additional security by requiring an additional verification after you enter your password, such as a code sent to your phone, a security question or a scan of your face or fingerprint. While we can implement two-factor authentication for services that we control (company email, for example), we cannot always control third-party software solutions and websites that may not offer this capability.
Password Best Practices
Never use the same password in more than one location and avoid holding passwords in spreadsheets, documents on your computer or phone, or writing them down on a notepad. Using strong, unique passwords makes it more challenging for a hacker to gain access in the first place and limits the damage they can do if they secure access to one site.
Email Account Access
Keep in mind that cyber attackers can gain access to the accounts of legitimate business contacts. If something feels off about an email from a legitimate contact, pause and report it. An example of this may be a customer or vendor requesting you to send funds to a different bank account.
Keep Software & Systems Updated
Always keep operating systems and applications updated to the most recent version, including patch updates. It's best to institutionalize these updates, either by having all software automatically update when a new version is available or by having your IT department deploy these updates.
Firewalls & Antivirus Protection
Prevent attacks before they happen with antivirus software that can detect and mitigate viruses and malware. Firewalls can prevent bad actors from accessing vulnerable parts of your network.
Routine Employee Training
Conducting regular training for all employees will support the entire organization's ability to resist cyber attacks. If employees are able to identify a threat, you significantly lower your risk of a breach. Empower everyone in your organization by at least providing basic training on security best practices.
While many of these tips and recommendations may seem like common sense, these attacks happen every day and even those with experience and training could be susceptible under the right circumstances. Gregory & Appel is CCIC-certified, meaning we can provide the guidance to help organizations prevent and respond to cyber attacks with incident response plans.
If you need guidance, connect with your risk advisor and get up to speed with the latest in cyber risk management.
This content is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice. Gregory & Appel is neither a law firm nor a tax advisor; information in all Gregory & Appel materials is meant to be informational and does not constitute legal or tax advice.