Mind Your Business – Avoiding Phishing Scams
By: Michael Friedberg, OD, Director of Professional Relations, PECAA
According to Kaspersky Labs, phishing is one of the most popular weapons cybercriminals use to attack your optometric practice. As defined by Wikipedia, “Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site.” Businesses and their employees are a primary focus of these cybercrimes.
Phishing attacks are designed to take advantage of four emotions: fear, greed, obedience, and helpfulness. It is easy to understand how a person might be manipulated into clicking on a phishing link that makes any of these appeals. Imagine an email warning your employee about an open enrollment deadline for healthcare insurance. The employee, before giving any thought to the legitimacy of the email, may click on a link and enter personal information or download malware.[1]
Although most business-focused phishing attempts fail, those that do work can be costly. Phishing scams cost American businesses half a billion dollars a year![2] Additionally, one-third of consumers said they would stop dealing with a business following a cyber-security breach, even if they do not suffer a material loss,[3] and after a company is breached, 60% of customers will think about moving and 30% actually will![4]
So, how can you keep yourself and your practice safe?
1. Increase your security awareness. PhishMe Inc. found that a business's susceptibility to phishing attacks can be as low as 5% when employees are well trained: conditioned to recognize and understand phishing emails, and tested with repeated phishing simulations. This is of particular importance because the same study found that roughly 15 percent of employee emails were phishing-related.[6] Utilize security awareness and phishing defense tools. Companies like PhishMe and KnowBe4 offer a number of tools, both free and paid, that you can leverage to increase employee awareness and decrease the likelihood of a successful phishing attack against your practice.[7]
2. Use a password manager. Oftentimes phishing scams use links to spoofed pages of popular sites in order to capture the victim's usernames and passwords. A password manager checks a website's URL before auto-filling the username and password. Consequently, if a victim does click a link to a bogus webpage, no harm will be done: the password manager will recognize that the URL does not match the saved site and will refuse to auto-fill or auto-login.
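To make that URL check concrete, here is an added illustration (not from the article, and not the code of any real password manager) of the decision a manager makes before filling: it compares the page's origin with the origin saved alongside the credential and ignores what the page looks like. The vault entries, hostnames and credentials are constructed placeholders, and the exact-origin policy is an assumption.

```python
from urllib.parse import urlsplit

# Constructed sample vault: logins the practice saved on the genuine sites.
# Hostnames and credentials are placeholders, not real accounts.
VAULT = {
    "https://login.example-bank.com/": ("office@example-practice.com", "correct-horse"),
    "https://portal.example-insurer.com/": ("drf", "battery-staple"),
}

def origin(url):
    """Reduce a URL to (scheme, host, port); None if it is not HTTPS."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return None          # plain http or a malformed URL never qualifies
    # .hostname drops any user@ prefix and lower-cases the host, so
    # https://login.example-bank.com@evil.example/ resolves to evil.example
    return ("https", parts.hostname.rstrip("."), parts.port or 443)

def autofill_allowed(page_url, saved_url):
    """Assumed policy: fill only on an exact origin match (real managers
    differ on whether sibling subdomains also qualify)."""
    page = origin(page_url)
    return page is not None and page == origin(saved_url)

def credentials_for(page_url, vault=VAULT):
    """What the manager would offer for this page: a (user, password) pair
    from the vault, or None. Page content and branding play no part."""
    for saved_url, creds in vault.items():
        if autofill_allowed(page_url, saved_url):
            return creds
    return None

if __name__ == "__main__":
    # Constructed sample pages: the genuine site, then lookalikes of the
    # kind a phishing email links to. Only the first one gets a fill.
    for url in [
        "https://login.example-bank.com/signin?session=abc",
        "https://login.example-bank.com.evil-example.net/signin",
        "https://login.examp1e-bank.com/signin",
        "http://login.example-bank.com/signin",
        "https://login.example-bank.com@evil-example.net/signin",
    ]:
        print(f"{url:58} -> {'FILL' if credentials_for(url) else 'no fill'}")
```

The refusal itself is the warning sign: a login page that should have a saved entry but gets no fill deserves a second look before anything is typed in by hand.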
Unfortunately, cybercrime has become a part of our lives, both in private life and in the business world. As with all crimes, prevention is your best defense.