Learn how you can prevent phishing fraud risk by identifying the signs and proactively protecting your business against potential threats.
Frequent news reports of hacking, identity theft, and data breaches are leaving business owners concerned. The stories that make the national news typically cover fraud and data thefts at large organizations, but smaller companies can also be affected. One of the most common scams targeting businesses is called phishing, and here’s what you can do to help prevent it.
What is it?
Phishing is a method scammers use to obtain private information under false pretenses. Once they have that information, they can use it to commit identity theft or fraud, or to hack into your business.
For example, you might receive an email that appears to be from your bank and asks you to update your password. In reality, the email is from a fraudster who is attempting to trick you into providing your login credentials. Once they have your bank login information, they can use it to try to take control of your accounts.
Another common example of phishing involves receiving an email that says there is a problem with your credit card: It has been declined, there may be potential fraud, it has been stolen, etc. Clicking on the conveniently placed link in the hope of quickly resolving the situation takes you to a website that asks for your card information. Unfortunately, the website is controlled by scam artists, who are monitoring whatever you type.
Spotting the Scam
There are a number of ways to identify email phishing attempts. Some of the more common ones include:
- Poor grammar and spelling mistakes. Poorly written subject lines or email messages with spelling errors are common in phishing emails. Legitimate businesses are more diligent than scammers about using correct grammar and proper spelling.
- Unusual sender email address. Another possible indication of a phishing attempt is when the name of the sender and the email address do not match. For example, when you receive an email from email@example.com and the sender’s name is Mary Smith, this should raise your suspicions. You should also be aware of misspellings in the email domain. For example, if the name of the company is Acme, but the email comes from Aacme, you should exercise caution.
- Misleading links. Fraudulent emails often contain links with instructions like “click here to confirm your address” or “click here to update your password.” Because the email claims to come from a particular company, you would expect any links embedded in the email to go to the URL for that company. To test this, hold your mouse over a link without clicking on it and the URL should appear. Check whether it is taking you to an unfamiliar site, and even if the URL looks familiar, look carefully to see that “Acme.com” is not “Aacme.com”.
- Shoddy graphics and branding. Reputable companies take great care to ensure that their brands are presented properly with the right colors, photos, fonts, and graphics. If anything about the design of an email looks off—especially unusual fonts, grainy logos, or other images—beware.
If you happen to click a link in a suspicious email and arrive at a website, the above identifiers all still apply: poor grammar and spelling, unusual URLs, and shoddy design could all indicate that you have arrived at a site that is not legitimate. It is fairly simple for fraudsters to create a fake page that closely replicates a real one.
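The sender-address and link checks listed above can also be automated. The following is an added example, not part of the original article: it flags a sender domain or link destination that is either unfamiliar or a near-miss spelling of a trusted one. The `TRUSTED` list, the function names and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"acme.com"}  # assumption: domains your business really deals with
# Constructed sample message for illustration, not a real email.
SAMPLE = ("From: Acme Billing <billing@aacme.com>\n"
          "Subject: Your card was declined\n"
          "Content-Type: text/html\n\n"
          '<p><a href="http://aacme.com/update">click here to update your password</a></p>')

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings such as aacme.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_verdict(host):
    """Return 'trusted', 'lookalike' or 'unfamiliar' for a host name."""
    host = (host or "").lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    if any(edit_distance(host, t) <= 2 for t in TRUSTED):
        return "lookalike"
    return "unfamiliar"

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag: what hovering over the link reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def check_email(raw):
    """Return one warning per sender address or link that is not on a trusted domain."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]
    found = [("sender", addr, addr.rpartition("@")[2])]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    found += [("link", h, urlparse(h).hostname) for h in collector.hrefs]
    return [f"{kind} {value} is {domain_verdict(host)}"
            for kind, value, host in found
            if host and domain_verdict(host) != "trusted"]
```

Calling `check_email(SAMPLE)` returns two warnings, one for the sender and one for the link, both marked as a lookalike of acme.com.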
Protecting Your Business
Here are some specific actions you can take to reduce your risk associated with phishing.
- Pause and assess the situation. When faced with an alarming email, do not automatically click on any embedded links. Consider the possibility that it is phony and look for indications that it is a scam.
- Verify potential issues through trusted channels. If you receive an email claiming to be from your bank, your credit card company, your payroll company, etc., suggesting that there is a problem with your account or that you need to provide personal information, call their customer service department or contact them through their official website.
- Leverage software protections. Ensure that your company’s computers, servers, and networking equipment have the latest software patches installed. Consider using anti-malware and anti-virus software as well.
- Use spam filters. Most email providers offer some form of spam protection. Making use of their spam filters can help to eliminate many phishing emails before they appear in your inbox. You may also be able to apply spam filters on your internal mail server.
- Keep your guard up. Email is an active channel for fraudsters, so vigilance is key, especially when reviewing emails of a financial nature or those requesting personal information. If you must reset a password or update account information, do not do it through an email link.
- Educate your staff. Share this information with your employees and, in particular, anyone with access to your company’s bank accounts, treasury services, or credit cards. Making everyone aware of phishing and how it works will help reduce its effectiveness.
Santander Bank does not make any claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained in this article.
Readers should consult their own attorneys or other tax advisors regarding any financial or tax strategies mentioned in this article. These materials are for informational purposes only and do not necessarily reflect the views or endorsement of Santander Bank.
Equal Housing Lender. Santander Bank, N.A. is a Member FDIC and a wholly owned subsidiary of Banco Santander, S.A. ©2018 Santander Bank, N.A. All rights reserved. Santander, Santander Bank, and the Flame Logo are trademarks of Banco Santander, S.A. or its subsidiaries in the United States or other countries. All other trademarks are the property of their respective owners.