Cyber Security: How to Protect Your Business from a Phishing Attack – May 28, 2019
Cyber security controls in the banking and financial sector are an absolute necessity as Internet scammers attempt to obtain sensitive information in order to gain access to credit and banking accounts. At Allied Affiliated Funding, we are acutely aware of the significant threat cyber-attacks pose to our customers and encourage all our business clients to educate their employees on cyber security and actions they can take to prevent becoming a victim of a cyber or phishing attack.
Why does Allied Affiliated Funding care about your cyber security? We believe in the power of user education on important topics that can reduce risk to our clients’ businesses. We have recently learned of several examples of clients who have experienced a cyber security breach, leading us to focus on phishing attempts as a blog topic. To know more about cyber security phishing attacks and how to protect your business, keep reading.
If you ever receive a suspicious phone call or email from someone representing Allied, give us a call. We can quickly verify whether the point of contact was legitimate or, perhaps, a phishing attempt.
What is phishing?
Phishing is the act of attempting to trick the recipient of a malicious email into opening and engaging with it.
Here is a phishing scenario we have seen with our clients. This is a common strategy of Internet scammers, and one to be aware of.
You receive an email from a seemingly legitimate sender. It may appear the email comes from someone with whom you do business on a regular basis, such as Allied or another financial institution. In the email, the sender requests a payment and/or sensitive or confidential information. It might read something like this:
- Your recent payment was not received because our mailing address has changed. To prevent your payment from being late, please submit a new payment via wire transfer.
- Instructions are attached.
- Thank You.
Is it real? Or is it a scam?
Odds are, you have been the victim of an email phishing scam. Statistics from Cyber Safe suggest more than 150 million phishing emails are sent globally every day.
How does it happen?
Using fake emails, phishers are on the prowl for credit card information, banking information and passwords. The “sender” of the email deceives the victim by making the email appear to be sent from a reputable source. The email may contain a malicious attachment, like a PDF or Word document, that, once opened, will harm the user’s computer by installing malware. Or, the phishing email will contain a malicious URL link in its body. When the user clicks on that link, they might be directed to a site that appears legitimate, but in actuality it is used to collect confidential information or to install malware onto their device.
Every day, about 800,000 phishing links are clicked and about 10 percent of people who click those links are baited into providing information that results in stolen identities, credit card fraud, financial loss and other scams, according to Cyber Safe.
Recently, we were made aware of a phishing scam that looked much like the example above. It happened when an employee at a company inadvertently clicked a phishing link, which then gave the Internet scammer access to dozens, if not hundreds, of customers’ information, including email addresses. The scammers then created an email that looked almost identical to that of the company and began sending requests for wire payments out to the company’s customers.
Thankfully, red flags were raised by a suspecting recipient of the email and the phishers were stopped in their tracks.
Unfortunately, this is not always the case and these scam artists are often successful.
How can you prevent being a victim?
The biggest deterrent to phishing scams is user education. Taking the time to educate your staff and employees on what to look for can help prevent your business from falling victim to a phishing scam that could mean significant financial loss and irreparable harm for your company. Here are a few key points to remember when opening emails:
- Always VERIFY when asked to provide sensitive information.
- HOVER your cursor over links to reveal their true destination.
- NEVER SEND confidential information in an email.
- NEVER OPEN an attachment that you were not expecting.
- When in doubt, CALL the requester to verify the request.
- WATCH for spelling / grammar mistakes as this is an easy tell.
- DON’T BE TOO QUICK TO CLICK!
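The HOVER check above can also be run automatically on an email's HTML body before it reaches a user. The following is an added example, not code from Allied Affiliated Funding: it flags links whose visible text names one host while the link goes to another, links to a bare IP address, and links that hide the real host behind an "@". The function names and the sample message are assumptions made for illustration, and hosts are compared exactly, so a legitimate link that goes through a different subdomain would also be flagged for review.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Visible link text that itself looks like a URL or bare domain name.
DOMAINISH = re.compile(r"^(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

class _Anchors(HTMLParser):  # collects (href, visible text) for http(s) links
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith(("http://", "https://")):
            self._href, self._text = href, []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _split(value):  # -> (netloc, host without a leading "www.")
    try:
        parts = urlsplit(value if "://" in value else "//" + value)
        return parts.netloc, re.sub(r"^www\.", "", parts.hostname or "")
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return "", ""

def audit_links(html_body):  # -> [(visible text, real host, reasons), ...]
    parser = _Anchors()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        netloc, host = _split(href)
        checks = {
            "text-shows-other-host": bool(DOMAINISH.match(text)) and _split(text)[1] != host,
            "userinfo-in-url": "@" in netloc,
            "ip-literal-host": bool(re.fullmatch(r"[\d.]+", host)) or ":" in host,
        }
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            findings.append((text, host, reasons))
    return findings

# Constructed sample body; every domain is a reserved .example name.
SAMPLE = """<a href="https://www.lender.example/pay">www.lender.example/pay</a>
<a href="http://pay.attacker.example/wire">https://www.lender.example/wire</a>
<a href="http://203.0.113.7/instructions.pdf">Instructions</a>
<a href="https://lender.example@attacker.example/login">Log in</a>"""
```

Calling audit_links(SAMPLE) leaves the first link alone, because its text and destination agree, and reports the other three with the host each one really points to.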
As a business, it is important to maintain a minimum security baseline for your email environment: properly configure the web browser on each of your workstations, place spam filters around your email solution, and invest in anti-virus software for your workstations and servers. Ensure that you enforce the use of strong passwords using letters, numbers and special characters for access to your network environment and implement multi-factor authentication for all remote users.
Putting these basic protections in place can help reduce your risk, but there is currently no technical solution that can entirely eliminate phishing risk. Educating your employees is one of the greatest protections because technology and the nature of phishing attacks are rapidly evolving. When the user can adapt to the ever-changing environment, risk in the workplace is reduced. Ignoring this risk means you are rolling the dice with the security of your company and your customers’ confidence.
Think you may have been a victim of someone masquerading as a representative of our institution? Don’t hesitate to contact us so we can verify whether it was a legitimate email or phone call.
Allied Affiliated Funding has multiple funding options available, even beyond accounts receivables financing. Contact us today to learn more about our financing solutions and other available services.