THURSDAY, JUNE 2, 2022

Protecting Your Business Against Phishing


Cybercrime against businesses has been on the rise. 82% of all breaches involved a human element, such as social attacks, misuse, and errors. Phishing is one such human element, and it accounts for a significant number of breaches. Phishing is when a cybercriminal uses text, phone, or email to pose as a legitimate contact or business in order to fraudulently gain access to credentials or information. The goal of phishing is to gain login credentials, steal banking data, and get users to click on links that will launch malware, viruses, or ransomware.

Types of Phishing Techniques

There are multiple ways hackers use phishing to trick users into clicking their links or giving access to data. 

· Smishing and Vishing – using texts or calls to imitate a legitimate company

· Clone Phishing – using emails almost identical to the real email and address, with the real links replaced by malware/viruses masked to still look like valid links

· Spear Phishing – a targeted attack on a specific user, with the hacker using information found online or through social media accounts

· Spam/Email – mass emails are sent out, usually impersonating valid companies, that ask users to verify accounts or login details, which are then stolen. Email is often how hackers send viruses, malware, and ransomware to users

· Content Injection – hackers who have gained control of legitimate websites change part of the website so that when information is entered it goes to the hacker, not the actual business

· Search Engine Phishing – hackers create fake sites that end up listed in search engine results, often for low-cost loans, credit card deals, or fake product/store pages

Learn to Identify Phishing

While there are multiple ways phishing occurs, there are common things to be on the lookout for. Training your employees on how to spot phishing is the best way to prevent your business from being breached or compromised.

· Spoofed email addresses – the actual sender’s email address can be hidden, so the email appears to come from a legitimate contact or company because of its display name. You will need to view the header or expand the message to see the actual sender’s address instead of just the display name.

· Domain Name – by creating variations of a legitimate domain name, hackers hope that users will assume the email comes from the legitimate company. For example, instead of xyz.com, it might show as xyz.co or xyz-support.com. Always look at the spelling of the domain, and look out for any misspellings or odd names.

· Images as the email body – to confuse anti-spam software, hackers use an image as the email body: they type out the email, create an image of it, and then put just the image in the email. If you click the image, it acts as a link. Look at the actual body of the email to ensure it is a composed email and not just a dragged-and-dropped image.

· Threatening emails – with online banking being so popular, an email that tells you that your account is closed, or that action is needed, can be alarming. Hackers use these subject lines to scare people into entering credentials into a fake website. Learn to take a step back and review the email in depth before clicking on anything. You can always go to the bank/credit card app/website directly, without clicking on the email, to verify your account status.

· Malicious Links – links can be hidden in attachments such as a Word document or PDF. Links can also be misdirected, so that while they say they go to one page, you are redirected to a malicious site. You can hover over a link to see where the actual link URL will send you before clicking it.

· Real links and logos used – to make their email look legitimate, hackers can sprinkle real links and logos throughout the email. For example, they may link to the actual privacy policy or home page somewhere in the email, even though the link they are directing you to is malicious.
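
Several of the signs above (a lookalike sender domain such as xyz.co or xyz-support.com, a link whose visible text differs from where it goes, an image-only body) can be checked automatically before a message reaches an employee. The Python below is an added example, not part of the original post; the TRUSTED list, the function names and the sample message are constructed for illustration.

```python
import email.utils
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"xyz.com"}  # assumption: the domains your business really deals with

class BodyScan(HTMLParser):  # collects (href, visible text) pairs, images, text
    def __init__(self):
        super().__init__()
        self.links, self.images, self.text, self.href = [], 0, "", None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.label = dict(attrs).get("href") or "", ""
        self.images += tag == "img"
    def handle_data(self, data):
        self.text += data.strip()
        if self.href is not None:
            self.label += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.label))
            self.href = None

def lookalike(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if any(domain == g or domain.endswith("." + g) for g in TRUSTED):
        return None
    return next((g for g in TRUSTED if g.split(".")[0] in re.split(r"[.-]", domain)
                 or SequenceMatcher(None, domain, g).ratio() > 0.85), None)

def audit(raw):
    """Return warnings for one raw, single-part HTML email."""
    msg = email.message_from_string(raw)
    sender = email.utils.parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    warnings = [f"sender {sender} imitates {lookalike(sender)}"] if lookalike(sender) else []
    scan = BodyScan()
    scan.feed(msg.get_payload())
    for href, label in scan.links:
        host = (urlparse(href).hostname or "").removeprefix("www.")
        shown = re.search(r"[\w-]+(\.[\w-]+)+", label.lower())
        if shown and shown.group(0).removeprefix("www.") != host:
            warnings.append(f"link shows {shown.group(0)} but opens {host}")
    if scan.images and not scan.text:
        warnings.append("body is an image with no text")
    return warnings

PHISH = ("From: XYZ Support <alerts@xyz-support.com>\nContent-Type: text/html\n\n"
         '<p>Account closed.</p><a href="http://xyz.co/login">www.xyz.com/login</a>')
```

Calling audit(PHISH) returns one warning for the sender domain and one for the mismatched link; a message from a trusted domain whose links go where they say returns an empty list.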

Other Steps to Take

In addition to training your employees to look for the above, there are more ways to help prevent a successful phishing attempt.  Ensure that your employees also do the following:

· Verify that you are on a secure site by checking for a closed lock and that the URL begins with HTTPS.

· If it sounds too good to be true, it usually is – emails that offer products well below cost, urge users to act now or act fast, or otherwise work too hard to present an offer that you simply can’t pass up are often phishing attempts.

· Update your browser – browsers are constantly updating to address newly discovered security flaws.

· Do not click on pop-ups that you can’t verify as legitimate from the website you are on, and make blocking pop-ups your default setting.

· Cyber Security Training for employees – you can sign your employees up for classes that will train them on what to look out for when it comes to phishing.

· Firewalls and Anti-Virus Software – every business owner should be using antivirus software and firewalls. Any employees working remotely should also have firewalls and anti-virus software installed and enabled.

· Cyber Liability Insurance – in the event of a breach, Cyber Liability insurance prevents the costs from all being out of pocket. Additionally, many companies will include tools such as security training and discounted services for prevention and security.

Additional Resources:

Phishing.org

Stop Ransomware

Cybersecurity & Infrastructure Security Agency

Posted 8:29 PM

Tags: business, cyber, prevention

NOTICE: This blog and website are made available by the publisher for educational and informational purposes only. It is not to be used as a substitute for competent insurance, legal, or tax advice from a licensed professional in your state. By using this blog site you understand that there is no broker-client relationship between you and the blog and website publisher.