Small Business Security: How to Avoid Email Phishing
As a small business owner, you might already know how to stay safe and secure online. But as you expand your business and grow your team, you can actually increase your potential vulnerabilities to digital fraud, phishing and more. While you might be able to spot a suspicious email, can everyone on your team do the same?
Fraudsters often take advantage of our emotions, like fear and confusion, in hopes of misleading us and stealing our information or our money. Since the pandemic, cybercriminals have exploited the accompanying stress and anxiety to dupe unsuspecting victims.
Phishing, smishing and vishing attacks are on the rise. Phishing is an attempt to steal your information through email communication by pretending to be someone else. Smishing and vishing are similar attempts to steal your information, but smishing occurs via text message, and vishing occurs via phone calls.
For this guide, we’ll discuss how to protect your small business from email phishing with practical tips and advice from a fraud expert.
How to Spot and Avoid Email Phishing
We consulted Amanda Knor, Senior Lead of Fraud Operations at Enova International, for more information about phishing, how to avoid email scams and the must-know tips for fraud prevention.
- Phishing emails may come from someone pretending to be your bank, your business partner, an unknown company or a completely unsuspicious individual. The emails may look legitimate, but typically include slight variations in the company email address, URL or other provided information. You may also spot spelling and grammatical errors in fraudulent emails that aren’t typical in professional communication.
- If you receive an email that looks questionable, don’t click on any links, download any attachments or use any of the contact information provided in the email. Don’t respond to the email for more information.
- You can hover your cursor over a link to view the real URL. Again, phishing emails can look real, but may include signs like slight variations from the real company’s URL, email address or other information. For example, if the email is coming from a company called “cheese.com”, the link in the email should also go to “cheese.com”, not “chee-ese1.com”.
- If you want to verify the email, open a new browser window to perform an independent search to locate the company, phone number or other contact information.
Email Phishing Q&A With a Fraud Expert
Want to learn more? Check out our conversation with Amanda for additional information on avoiding phishing emails and scams.
Q: Beyond staying vigilant and your tips above, do you know of any specific options or tools that people can use to protect against phishing and other fraud? (e.g. high-quality email security filters, add-ons, or other quick fixes?)
A: This is tricky because it really varies depending on what device you are using, whether you are using iOS or PC, and even what account you are accessing. A good way to approach any new app, email account, etc. is to spend a good amount of time going through the privacy settings to see what type of protection you can apply, or is available to you.
Q: It seems like most fraudsters will use tactics like phishing/smishing/vishing to gain access to a person’s or business’s finances or bank account. Can you think of any other reasons that scammers attack people or businesses with these tactics?
A: Yes, sometimes fraudsters are just phishing for information to then use in another scam, or sell on the dark web.
Q: We’ve probably all heard of the Nigerian Prince email scams from early on. Now with more advanced methods, it’s a lot harder to spot phishing email and other fraud. What are some obvious (or less obvious) signs to spot email/text/phone fraud?
A: Almost all phishing attempts attack you with a false sense of urgency as well as some way of trying to direct you and your information back to them. Most efforts include a link to go to a fake website, install a fake app, or use a fake phone number that can record the information or money they’re trying to steal from you. Also, it’s not uncommon for the emails to include grammatical errors and/or typos. Lastly, it’s important to look at where the information is coming from, or who is sending it.
Q: What do you recommend for less computer savvy email users in order to stay safe online?
A: A good general rule of thumb would be to make sure you have time to read the subject line, and verify the sender of each email before opening it, or downloading anything. If you aren’t familiar with the sender, or aren’t sure why you are receiving the email, don’t open it. Also, for anyone who is not computer savvy, I’d highly recommend looking into taking a local computer class. Some community centers or local libraries even host free classes.
Q: If I get a strange email without links or a phone number to call, does this mean that it can’t be fraudulent?
A: Definitely not! Some phishing emails can include an attachment, or file, asking you to download it. Again, if you have any doubts about where the email came from, who sent it, or even why they sent it, don’t open, download, or click on anything.