As with any other kind of fraud, the perpetrator can cause a significant amount of damage.

Phishing is a method used to deceive and trick a user into sharing passwords, credit card numbers, and other confidential information by posing as a trusted institution in an email or phone call.
For small businesses, falling for it can be a fatal mistake. That’s why you and all your employees need to know how to prevent this scam, which can come disguised as an email from a supposed supplier or a fake customer.
The U.S. Federal Trade Commission recommends following these steps and providing precise instructions to ensure your business doesn’t fall victim to this scam.
Before you click on a link or share any of your sensitive business information:
Check it out
Look up the website or phone number for the company or person behind the text or email. Make sure that you’re getting the real company and not about to download malware or talk to a scammer.
Talk to someone
Talking to a colleague might help you figure out if the request is real or a phishing attempt.
Make a call if you’re not sure
Pick up the phone and call that vendor, colleague, or client who sent the email. Confirm that they really need information from you. Use a number you know to be correct, not the number in the email or text.

How to Protect Your Business
Back up your data
Regularly back up your data and make sure those backups are not connected to the network. That way, if a phishing attack happens and hackers get to your network, you can restore your data. Make data backup part of your routine business operations.
Keep all security up to date
Always install the latest patches and updates. Look for additional means of protection, like email authentication and intrusion prevention software, and set them to update automatically on your computers. On mobile devices, you may have to do it manually.
Alert your staff
Share this information with them. Keep in mind that phishing scammers change their tactics often, so make sure you include tips for spotting the latest phishing schemes in your regular training.
Deploy a safety net
Use email authentication technology to help prevent phishing emails from reaching your company’s inboxes in the first place.

What To Do If You Fall For a Phishing Scheme
Alert others
Talk to your colleagues and share your experience. Phishing attacks often happen to more than one person in a company.
Limit the damage
Immediately change any compromised passwords and disconnect from the network any computer or device that’s infected with malware.
Follow your company’s procedures
These may include notifying specific people in your organization or contractors that help you with IT.
Notify customers
If your data or personal information was compromised, make sure you notify the affected parties; they could be at risk of identity theft. Find information on how to do that at Data Breach Response: A Guide for Business.
Report it
Forward phishing emails to reportphishing@apwg.org (an address used by the Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions, and law enforcement agencies). Let the company or person that was impersonated know about the phishing scheme. And report it to the FTC at FTC.gov/Complaint.