If you use the internet, you’ve likely heard the term ‘phishing’. Although it shares some characteristics with the common hobby (baiting, using a ‘hook’), its consequences are much more detrimental to your business if you don’t take measures to secure your own or your customers’ information.

In the paragraphs below we will reveal some ways you can protect your customers and your business from having their private information compromised through phishing.

What exactly is phishing?

Phishing is the practice of sending fraudulent emails, pop-ups or prompts to customers, businesses or internet users generally in order to obtain sensitive information from them and exploit it. This information can be personal details such as names, dates of birth, emails and addresses. It can also be more sensitive information such as credit card details or passwords.

There are many methods that phishers use to extract information, some of which include:

  • Linking to their own site which captures the information (and often opens malware)
  • Prompting the user into making a payment
  • Opening their site in a new tab automatically for advertising purposes
  • Capturing information by hacking large wireless networks (that members of the public supply their information to)

It’s important to note, however, that although these are the most common forms of phishing, there are many more out there.

The common thread here is that it’s an attempt to obtain private information for illicit purposes.

Methods of prevention

There are things you can do for your business, your employees and your customers to prevent phishing attacks. These include:

Training your employees

Training your employees to understand what an online scam looks like is crucial. For example, if an employee receives an email that appears to come from a supplier and looks completely legitimate, they might open it and provide any details it asks for. The email could also request a payment of some form, and could end up costing your business. Phishing scams target businesses as much as any other user, so training yourself and your employees on the signs to look out for is a must. An IT lawyer can advise you further on how to detect potential phishing scams.

Keeping your software and systems up to date

Along with online technology itself, methods of exploiting internet users are also rapidly evolving. To combat this, always check your systems are up to date. This includes any software you use, browsers and email servers. If something in your systems doesn’t seem to be working right, have it looked at.

Communicating with your customers using identifiers

Many companies have started to implement processes which delegitimise any emails sent as part of a phishing scam. Phishing scams are often characterised by their use of generic terms, such as ‘Dear Customer’ or ‘Dear User’. A lot of companies now use this to their advantage. For example, when a PayPal email scam was circulating, PayPal addressed its emails to the registered usernames of customers, while the spam email was addressed ‘Dear PayPal Customer’. Once customers were aware of this point of difference, they could avoid falling prey to the scam.

If the emails you send to clients address them by their first name, username or even full name, it’s likely that a phishing scam won’t be able to replicate this for each customer. If you make customers aware that this is how you word your emails, they’ll know not to open anything suspect.

Further, advising customers on how your business protects their information online will not only keep you safe, but also foster trust with your customers.

Having a privacy policy

Similar to the previous paragraph, a privacy policy also fosters trust with your customers. It has become the norm for reputable and legitimate businesses to have one on their website, and savvy customers often expect one now. Customers will know what information they are giving away when they use or purchase from your website. If a phishing attack occurs, a customer will be able to recognise if the phisher is asking for information your business doesn’t ordinarily require.

Although it’s alarming to think that 97% of people can’t recognise a sophisticated phishing email, there are measures you can take to lower the risk to not only your customers, but your business itself.

Running an online business carries with it obligations to your customers – and taking steps to prevent their data from being compromised is probably the most important one.

Jackie Olling

Jackie is the Content Manager at LawPath and manages the content team. She has a Law/Arts degree from Macquarie University and has worked in the legal industry since 2014. She's interested in legal tech and the opportunities it offers to not only the legal industry, but all people.