FightCybercrime.org

Recognize, report and recover from cybercrime.

Business Phishing

This is one of the most common types of attacks that impact businesses online. Learn how to protect your business from phishing attacks.

Get Started Report Cybercrime
Home » Scams » Business Scams » Business Phishing

The Basics of Business Phishing

Business phishing is a type of cyber attack that uses email to try and trick you or your employees into revealing sensitive information or downloading malware. The attacker usually poses as a trusted entity, such as a financial institution or online service, in order to gain your trust. Once you or your employees have provided their login credentials or clicked on a malicious link, the attacker can gain access to your account or infect their device with malware. Business phishing attacks can have serious consequences for both the individual victims and the organizations they work for.

Common Tactics Used in a Phishing Attack

Cybercriminals will often send out phishing emails that appear to be from a legitimate source, such as a financial institution or well-known company that you frequently do business with. They often use authentic-looking logos and branding from legitimate companies. The email will typically contain a link that directs you to a fake website that is designed to look like the real thing.

Once on the fake website, you are often asked to input sensitive information, such as your login credentials or credit card numbers. This information is then used by the cybercriminals to commit fraud or identity theft.

Cybercriminals may also use phishing emails to install malware on your computer systems. The email may contain an attachment that, when opened, will download and install the malware. This can allow the cybercriminals to gain access to your systems and steal sensitive information or carry out a ransomware attack.

Risks Associated with a Phishing Attack on Your Business

A phishing attack can wreak havoc on your business. Here are five risks to be aware of:

  • Financial loss: A phishing attack can result in direct financial loss if, for example, an employee falls for a fake invoicing scam and wires money to the attacker’s account.
  • Loss of sensitive data: If attackers gain access to your company’s network, they may be able to steal sensitive data such as customer information or trade secrets.
  • Reputational damage: A successful phishing attack can damage your company’s reputation if, for example, customers’ personal information is leaked.
  • Regulatory penalties: If your company is subject to data privacy regulations, a phishing attack may result in hefty fines.
  • Productivity loss: A phishing attack can disrupt your business operations and lead to productivity loss as employees spend time dealing with the fallout.

Step 1:Recognize

Red Flags of a Phishing Attack

Be suspicious of any email that:

  • Seems unusual or out of place
  • Asks you to click on a link or open an attachment
  • Asks for sensitive information
  • Comes from an unknown sender
  • Contains typos or grammatical errors
  • Contains threatening or urgent language

Step 2:Immediate Actions

If you or one of your employees clicked on a phishing link and/or provided sensitive information remember, it can happen to the best of us. There’s a few actions you can take to move forward and secure your account:

  • Assess the extent of the damage. Determine how many employee accounts may have been compromised, what type of information may have been accessed or stolen and whether any customer data was exposed.
  • Change all passwords and security questions for all accounts that may have been compromised. This includes email accounts, social media accounts, and any other online accounts that your employees use for business purposes.
  • Reach out to an attorney or legal organization for assistance when notifying customers or partners that their information may have been exposed. They will have the most up to date information on applicable state and federal laws.
  • Run a full system scan on all of your devices. If you find malware, visit our business malware page.
  • Review your security procedures and make changes as necessary to prevent future incidents. This may include additional training for your employees, implementing new security software, or hiring a security consultant to help you beef up your defenses.

Step 3:Report

Reporting any type of cybercrime, including phishing attacks, is imperative to help others avoid being scammed. As a society, the more people that report online scams and fraud, the more national reporting data that is collected, and the better chance law enforcement has to catch the criminals and decrease cybercrime.

Report to FBI

Step 4:Recover

Tips and Tricks to Spot a Phishing Attempt

Review these tips and share them with your colleagues to help defend against phishing attempts:

  • Check the sender’s email address.
  • Check the URL by hovering over the link.
    • If you are on a desktop computer or laptop, hover over the link with your mouse. You will find the full address of the link either near the link itself or somewhere on the edges of your browser window, depending on what web browser you are using.
    • If you are using your smartphone or tablet, hold your finger down on the link until a window pops up showing the full address of the link. Tap away from the window to close the preview.
  • Be aware of a sense of urgency or threats. For example, phrases such as “you must act now” or “your account will be closed” may be indicators of a phishing attempt.
  • Be cautious of messages that ask for bank account information or credit card numbers.
  • Check for grammatical errors or misspellings.
  • If you are unsure about the message, don’t hesitate to contact the company or person directly to inquire about it. Don’t use the contact information provided in the email or text message. Use confirmed contact information you already have or look up the company’s contact information on their website or elsewhere.

How to Protect Your Business from Cyber Attacks

To protect your organization from cyber attacks:

  • Educate your employees about cyber threats. Search for free cybersecurity training videos on YouTube.
  • If you have the budget, consider investing in cybersecurity training for your employees to educate them about threats, and what they can do to help protect themselves and the business from cyber attacks.
  • Instruct your employees to report anything suspicious to you or their supervisor.
  • Implement security measures such as two-factor authentication and email filtering.
  • Monitor your organization’s email traffic for any suspicious activity.
  • Have a plan in place for what to do in the event of a phishing attack, so you can quickly contain the damage and minimize the impact on your business.

Take 5 Steps for Better Online Security

It’s important to strengthen your business’ online security to help avoid all cyber attacks. Take action to improve your digital posture by following these steps:

  1. Implement Multi Factor Authentication (MFA): Passwords are generally easy for scammers to crack, and even if you use strong passphrases, there’s still the possibility that a cybercriminal can obtain your passphrase in a data breach. Implementing MFA is a great way to maximize your security and ensure that you are the only one who can gain access to your accounts. MFA should be implemented on all accounts where it is available. Check your account’s security settings to see if it is something you can set up.
  2. Update Your Privacy Settings: Privacy settings allow you to control your personal information (name, address, phone number, date of birth, financial details, photos or videos, etc) and how that information is used. Review your privacy settings on all of your accounts including your social media accounts. Consider restricting who can see your friends list, contacts, photos and posts.
  3. Activate Automatic Updates: Automatic updates are a set of changes to an app, software or operating system that are automatically pushed by the developer to fix or improve it. Oftentimes, cybercriminals take advantage of security flaws to plant malicious software on your devices. By activating automatic updates, you will automatically patch security vulnerabilities to protect your data.
  4. Use a Password Manager or Create Strong Passphrases: A password manager is a software tool that securely stores all of your login credentials in one place, allowing you to create and manage strong, unique passwords for all of your accounts. If you are unable to afford a password manager, use strong passphrases. A passphrase is a combination of random words or a sentence that is much longer and more complex than a typical password. Using a passphrase instead of a password makes it much harder for hackers to guess or brute-force their way into your accounts.
  5. Learn the Elements of a Phishing Attempt: Familiarize yourself with the elements of a phishing email. Phishing emails tend to include a sense of urgency and multiple grammar and spelling errors. If they are asking you to reveal personal information, be suspicious. If you get a strange email, try contacting the company another way to confirm they sent that email. If the email is suspicious, mark it as spam.

TestimonialHear from Other Victims

Without Fightcybercrime.org, I don't know if I would have been able to react as quickly to protect my personal information.
Mary - Indianapolis, IN

Latest News

The latest and greatest from our blog.

> Phishing Attacks on Small Businesses: What You Need to Know

Phishing Attacks on Small Businesses: What You Need to Know

Small businesses are a popular target for phishing attacks. Learn what immediate action steps you should take if your business is impacted.

Read Full Article

Branding