It’s likely that as an internet user, you’ve heard the term ‘phishing’. Although it shares some similar characteristics with the common hobby (baiting, using a ‘hook’), its consequences are much more detrimental.
In this piece, we will reveal some ways you can protect your business from phishing. Protecting yourself is not the only important thing here – it’s also important to protect your customers.
What exactly is phishing?
Phishing is the act whereby fraudulent emails, pop-ups, or prompts are sent to customers, businesses or internet users. This is done so that phishers can obtain sensitive information from them and exploit it. This information can be personal details such as names, date of birth, email and address. It can also be more sensitive information such as credit card details or passwords.
There are many methods that phishers use to extract information, some of which include:
- Linking to their own site which captures the information (and often opens malware)
- Prompting the user into making a payment
- Opening their site in a new tab automatically for advertising purposes
- Capturing information by hacking large wireless networks (that members of the public supply their information to)
It’s important to note however, that although these are the most common forms of phishing, there are many more out there.
The common thread here is that it’s an attempt to obtain private information for illicit purposes.
Methods of prevention
There are things you can do for your business, your employees and your customers to prevent phishing attacks. These include:
Training your employees
Training up your employees to understand what an online scam looks like is crucial. For example, if an employee receives an email from a supplier that looks completely legitimate, they might then open it and provide any details it asks for. This could also be an email which requests a payment of some form to be made, and could end up costing your business. Phishing scams target businesses as much as any other user, so training yourself and your employees on the signs to look out for is a must. An IT lawyer can advise you further on how to detect potential phishing scams.
Keeping your software and systems up to date
Along with online technology itself, methods of exploiting internet users are also rapidly evolving. To combat this, always check your systems are up to date. This includes any software you use, browsers and email servers. If something in your systems doesn’t seem to be working right, have it looked at.
Communicating with your customers using identifiers
Many companies have started to implement processes which delegitimise any emails sent as part of a phishing scam. Phishing scams are often characterised by their use of generic terms, such as ‘Dear Customer’ or ‘Dear User’. A lot of companies use this tactic now, for example, when a PayPal email scam was circulating, PayPal addressed their emails to the registered usernames of customers. The spam email was addressed ‘Dear PayPal Customer’. Once customers were aware of this point of difference, they could avoid falling prey to the scam.
If you generate the emails you send to clients to address them by their first name, username or even full name, it’s likely that a phishing scam won’t be able to replicate this for each customer. If you make customers aware that this is how you word your emails, they’ll know not to open anything suspect.
Further, advising customers on how your business protects their information online will not only keep you safe, but also foster trust with your customers.
Having a privacy policy
Similar to the previous paragraph, a privacy policy also fosters trust with your customers. It has become the norm for reputable and legitimate businesses to have one on their website, and savvy customers often expect one now. Customers will know what information they are giving away when they use or purchase from your website. If a phishing attack occurs, a customer will be able to recognise if the phisher is asking for information your business doesn’t ordinarily require.
Although it’s alarming to think that 97% of people can’t recognise a sophisticated phishing email, there are measures you can take to lower the risk to not only your customers, but your business itself.
Running an online business carries with it obligations to your customers – and taking steps to prevent their data from being compromised is probably the most important one.
Want more information? Contact a LawPath consultant on 1800 529 728 to learn more about customising legal documents and obtaining a fixed-fee quote from Australia’s largest legal marketplace.
