Perhaps less well-known, though, is the legit email from a photographer that arrives via Pardot form on your website, explaining her desire to help with your website (just download the PDF portfolio).  Whether golden oldie or modern sleight of hand, every phishing scam relies on human emotion to ensure bad things happen.  The good thing is that every small business can avoid being phished if they know what to look for.

To start, it’s important to understand the psychology of phishing scams.  According to the National Cyber Security Center, criminals send phishing emails to millions of people each year.  They go to these lengths because, despite the zeitgeist’s general awareness of the Nigerian prince, his appeal remains ageless (and he continues to collect).  Generally speaking, phishing attackers communicate with their target via email, though phishing does happen via text message, social media, and phone.  The attacker typically plays upon our natural human instinct to respond without thinking, using incentives, urgency, fear and/or deception to convince users to click on a bad link, infected website, malware attachment or to simply hand over sensitive information, like bank details.

The key to avoid getting fried by a phishing scam and rise beyond digital risk is to make “awareness” a habit within your business. Part of being aware is making yourself a harder target, primarily by managing your personal and professional digital footprint with discernment. Why?  Because criminals like to use publicly available information to make their communications more convincing.  Reviewing your privacy settings on personal and business accounts and thinking about your social post content helps you maintain a modicum of control, but something else to think about: what are others saying about you?  Your whereabouts?  Your habits?  Friends, family and customers are awesome, and criminals think so, too.  Be aware that any and all information can be used to target you and your business!

For your consideration, here’s a few tell-tale signs of phishing:

  • Is the email address to you by name or does it refer to a valued customer friend or colleague? This can be a sign that the sender does not actually know you and that it is part of a phishing scam.
  • Another tactic is for attackers to create official looking emails by including logos and graphics.  Ask yourself: “Self, is the design and quality what I’d expect from this company?  Did I even reach out to them?”
  • Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like “Send these details within 24 hours” or “You have been a victim of crime, click here immediately.”
  • Look at the sender’s name and email address. Does it sound legitimate or is it trying to mimic someone you know?
  • Your bank or any other official source should never ask you to supply personal information in an email. If you need are unsure, check by calling the bank directly.
  • If it sounds too good to be true, it probably is!  Most likely, someone is offering you designer sneakers for a low price or codes to access films for free because they have bad intentions.

All the above is great info, but it’s also important to understand what to do if you’ve already clicked. You’d be well within your rights to WANT to panic, however the most important thing to do is NOT panic.  There are a number of practical steps you can take immediately to keep the damage in check:

  1. Open your antivirus software and run a full scan. Follow any instructions given. 
  2. If you’ve somehow been tricked into providing your password, change your password on all your other accounts. 
  3. If you have lost money, it needs to be reported to your bank as a crime. 

Should any of the above happen, you are not alone!  If you think you’ve been phished, click here (or the floating button below) to report the incident and someone from Team Periculus will be in touch to help you manage the next steps.