angle graphic

July 30, 2019

Common Phishing Attacks and What to Do About Them

Samantha Hubay

Written by:

Samantha Hubay

Common Phishing Attacks and What to Do About Them

It is important to keep your small business safe from danger, which includes common phishing attacks. You’ve worked hard to build a reputable, profitable organization, and it deserves to be protected. Unfortunately, there are threats to your business around every corner. In this post, we’ll focus on one on the most frequent digital threats – phishing.

Key Takeaways You Will Get From This Article

1. There are many types of phishing scams, but about half are malware attacks, and the other most common type is called “credential harvesting”. Through this type of attack, a hacker attempts to steal username and password information.

2. To protect yourself and your business, implement an email security platform, educate employees, and be skeptical. If you believe an email may be a phishing attack, do not open it. 


Table of Contents

  1. What is "Phishing"?
  2. Common Phishing Attacks
  3. How to Protect Your Business
  4. Secure Merchant Services


What is “Phishing”?

Sorry to say, it’s not that delicious Ben & Jerry’s chocolate ice cream with marshmallow and caramel swirls. The Federal Trade Commission (FTC) reports that, “phishing is a type of online scam that targets consumers by sending them an email that appears to be from a well-known source”. In other words, a hacker sends an email to you or someone in your business that is disguised as important information from a crucial vendor, customer, or high-level employee. Typically, the hacker will do their research and make the email as official-looking as possible, encouraging you to open it. Once you do so, your entire business could be at risk.


-back to top-


Common Phishing Attacks

Research shows that employees receive 4.8 phishing emails in a 5-day work week. Nearly 30% of those emails typically make it past default security, which puts your business at risk. Unfortunately, these attacks have seen a high rate of success in recent years, empowering hackers to launch more of them. Today, phishing attacks are global and affect every region of the economy.

There are many types of phishing scams, but about half are malware attacks. In a malware attack, a hidden link triggers a download to our device. Once downloaded, the file gives the hacker access to your system. This could allow them to hold your device hostage, steal credit card information, spy on operations, and more.

The other most common type of phishing scam is called “credential harvesting”. Through this type of attack, a hacker attempts to steal username and password information. Often they will impersonate a trusted brand to convince you to reset your password or payment information. Your information is then directly sent to the hacker, allowing them to easily tamper with your account or even charge items to your credit card. (This is a main reason why you should never use the same password across multiple accounts! Chances are the hacker will try your password in many places.)


-back to top-


What Can I do About It?

It’s a terrifying reality, knowing that everything you’ve worked so hard to achieve could crumble from one simple email. Here are some measures you can take to protect yourself and your business.

  1. Implement an email security platform.
    An email security platform is capable of catching attacks before they even reach your inbox. There are some great options out there from companies like Cisco, Barracuda, Microsoft, and more. Make sure your choice includes intelligent scanning, full-suite protection, and layered security.

  2. Educate employees.
    It only takes one click to expose your business to a serious threat. Make sure you educate employees on the dangers of phishing emails, and encourage them to never click on something that seems suspicious.

  3. Be skeptical.
    It is always better to be safe than sorry. If you suspect that an email may be a phishing attack, do not open it. Contact your IT expert or simply delete the email.

For additional statistics on phishing, check out this infographic from Small Business Trends. 


-back to top-


Secure Merchant Services

We didn’t write this post to scare you. The digital world is amazing, but it is important to know that not everyone out there has your best interests in mind. If you put the right security measures in place and stay informed of the latest threats, you can effectively protect your business and gain peace of mind.

Electronic Merchant Systems offers high-quality, secure payment processing services to merchants across the nation. We have been PCI Level-1 Certified for more than a decade, because we believe in maintaining payment security and continuing to fight data compromise. The PCI Security Standards Council monitors threats and works to improve the way we handle them by enhancing the PCI Security Standards and training security professionals. We are proudly PCI-compliant because we have our merchants’ best interests in mind, always.

If you’re looking for a new solution to securely process payments and manage your business, contact us today!

angle graphic