Email Scams – Phishing – Are Still
The Biggest Cyber Threat for Small Businesses

If you’re old enough to remember America Online, you probably remember their announcement, You’ve Got Mail!

The cheery voice probably should have added, “…and you’d better be careful!”

Email scams are arguably the leading link to major scams and fraud costing billions of dollars each year. Governments, institutions like hospitals and many, many small businesses and individual fall prey.

And most of the tricks are very easy to avoid: NEVER click on an imbedded link in an unknown sender’s email. Never. Even trusting a known sender can be a mistake if they've been hacked.

Graphic Fraud

Both email and a linked webpage may have your bank’s logo at the top and look authentic. The email may look for all the world like warning from Microsoft, PayPal or even your web host. But there’s a good chance it’s not and the link that says “log in to your account” may take you to a completely different website that mimics the real one to entice you into entering information they’ll use to steal.

The messages and their “sources” are almost unlimited: Tech support from internet providers, cell providers, hardware companies and more will come with very convincing graphics and other elements. Graphic designers know how easy these are to mimic, but for most people the scam will look like it originated from Apple, Dell, AT&T, or another legitimate company.

It’s not just email, of course. Pop-up messages on a webpage, text messages and even phone calls can be used as well. Many of these will look like “alerts” that supposedly requires your immediate attention – by making their messages sound urgent, scammers know they can often get people to rush for a solution and not use precaution.

These are things you need to know and make sure your staff knows, too. Frequent reminders are a good idea. This will reduce the likelihood that someone makes a wrong move that leads to disaster.

The messages may even include information about your company or other details. Although this information may seem convincing, it’s likely available on the company website or other public locations.

A Simple Solution

The easiest solution to avoid these traps is this: instead of clicking the notification’s link or following other directions, go to the website associated with the supposed alert and log in directly to check for notifications, messages or alerts there. If the message is legitimate, it will be on the website. If not, you’re likely dealing with fraud. And if you don’t do business with the company supposedly involved, then you know the alert is not valid!

For businesses, this can involve additional threats. We already noted that it’s increasingly common for scammers to have the names of company supervisors or other officers to use that info to lure an employee into revealing sensitive information. It’s also possible to trick employees into downloading a file or opening the system to malware, ransomware, and the like. The lure is often something like, “…this will allow IT to fix the problem.” It won’t.

There are other, often more complex threats out there, but email may be the most common. One source says 91 percent of all cyber-attacks begin with a phishing email. Don’t let your small business get hooked!