What are Phishing Scams?
Many people think that Scammers only target Medium or Larger sized businesses, but did you know that 50% of Cyber-Attacks are aimed at small businesses?
Google may be a lucrative target, but how well do you think the defences of your average local business will hold up to a Phishing attack? or your average employee working on those computers?
Carry on reading and let us explain, one of the more common phishing attacks you could face: The False Sign-In Page!
Imagine these scenarios:
- An employee might innocently try to sign in to Microsoft Outlook Online to look at their emails, or Download some normal programs, but today they’ve made a fatal error! They’ve clicked the wrong website on Google!
- Or perhaps they’ve even accidentally mis-typed the spelling, flinging them to the wrong corner of the web entirely.
- You check your email on your phone, or your computer, and what do you see? Email from your colleague or manager with a report attached, asking you for your thoughts and input.
In many scenarios like these, instead of being brought to Microsoft’s Secure-Sign in, your helpless Employee may have been ensnared in a sinister Scam! Here shown below is an older Scam from 2018. Look how normal it looks!
What is the impact?
All an employee needs to do is to Sign-In once on this page, then suddenly all of their Emails, Files and Data have been stolen!
Now, their Email Address will be used to start sending emails to other co-workers, family members, and customers.
They’ll ask for small details. Anyone would turn away an email from a random address asking personal details, but how would you respond if your co-worker shared an image of their dog, asking for the name of yours? Or your mother’s maiden name? Or a family member asking for financial information?
Well, now we know what these Phishing attacks are. Now, how do we detect them? And more importantly, let’s find out how we beat them.
How to detect False Sign-In Pages
These scam attempts are known as Phishing-Attacks and can cause catastrophe in your business.
Did you know that Phishing caused the stealing of over 160,000,000 passwords, email addresses and phone numbers in 2018, and during the COVID Pandemic, Cyber-Crime has increased by 600%
Fortunately, we can share a handful of methods to stop Cyber-Criminals. The first is the simplest, and surprisingly easy to set up for how effective it is.
Employee Awareness!
There are many tells for a Fake Sign-In, and the Padlock may be the easiest to spot.
Below is an image you should see when visiting a website. This means it has an official certificate and is trusted by an authority.
This isn’t foolproof, however. Some smarter scammers can get these padlocks. If you ever see the words ‘Not Secure‘ When looking here, be very cautious when visiting this website.
The next easy tell could be the address. Like below, the differences may look drastic, but if they’re small enough, and when flicking through websites quickly, they can be surprisingly hard to notice.
Defeating False Sign-ins – The Custom Page
Outside of educating employees with all of this information, how do you defeat the Phishing attempts of these nefarious Scammers?
This second method not only makes Phishing clear as day but also gives a massive boost to branding, and professionalism.
Think of how much of a statement it is, that you aren’t a part of just a default, bare-bones company, but you’ve marked your tools with your name, your company name and logo. To be also repeated to whoever looks at it.
Look at the incredible difference our company has between the default Sign-In Page, and our Custom-Page!
No Scammers are sneaking fake Sign-In pages behind our backs, and at the same time, look at how Just Gilbey IT Solutions defines itself over other IT Companies who never bother defining themselves from the bare minimum:
If you’d like to learn more about online branding, and how this kind of professionalism can boost your business, you should read this blog post we wrote below, we tackle this and give you some tips.
Defeating Phishing-Attacks – The MFA
Finally, the most secure change you can make is to implement Multi-Factor Authentication.
This means that when your employees are signing in, an email and password aren’t good enough. You need something personal only they have.
Personally, I use my phone. When signing in, my phone gets a buzz, and I press one button which lets me in. It sounds small, but it’s a world safer than normal.
If I wanted to, I could freely share my passwords on Facebook, knowing that whoever tries to log in as me, they’ll all fail unless they have my phone (Though I wouldn’t recommend it).
In case you’d like to learn a little more about MFA, here’s a link to one of our YouTube videos giving a better description than I have.
If, instead you’d rather read up more on Cyber-Attackers, and different ways to defeat them, below the video is a link to another Blogpost we’ve made.
Thanks for spending the time to read this post – Dylan, IT Apprentice
If you’d like to learn more about Phishing Scams, and how to stop them, feel free to read up on another one of our posts, or, if you’d like any help setting up security features, like Multifactor Authentication, or Custom Branded sign-in pages, contact us on our website for a (free!) Consultation
Sources & Attribution
All statistics are gathered from the following sources
- PurplseSec 2021 Cybersecurity Statistics
- Verizon 2019 Data Breach Investigations Report
- Cyber Rescue Alliance – Cyber Insights of 2021 Report
- FBI 2020 IC3 Annual Report