#2 Phishing Awareness

Protecting your small business from online scams

Author

Hacktractive by Harke & Co
September 18, 2024 • Estimated Reading Time: 5 minutes

Hello!

Welcome to another edition of your newsletter, Hacktractive!

We're here to equip you with the latest cybersecurity insights, tailored specifically for small and medium-sized businesses like yours.

As always, we're committed to helping you navigate the ever-changing digital landscape safely and confidently.

If this edition has been shared to you, you can subscribe here.

This Week in Cybersecurity (week 37)

Let's dive into the most significant cybersecurity events from the past week that SMBs need to know about.

  1. Ransomware Resurgence: Ransomware attacks increased by 50% year-on-year in 2024, with RaaS kits making attacks easier and faster.

  2. AI-Powered Cyber Threats: Cybercriminals are using AI tools like FraudGPT to enhance their attack strategies, prompting new security awareness initiatives.

  3. Critical Infrastructure Vulnerabilities: CEOs may face personal liability for cyber-physical incidents, with potential financial impacts exceeding $50 billion by year-end.

  4. Cybersecurity Talent Shortage: Over 4 million cybersecurity positions remain unfilled globally, leading to higher average costs for data breaches.

  5. Increased Board-Level Focus: 80% of organizations now have board members with cybersecurity expertise, highlighting its importance as a business risk.

Now that we're up to speed with the latest news, let's explore some actionable content to strengthen your cybersecurity posture.

Spotting and Dodging Phishing Scams

Phishing scams are a big threat to small and medium-sized businesses (SMBs). These tricks can cost you money, data, and customer trust. Let's look at how to spot and stop these scams.

What is Phishing?

Phishing is when scammers try to trick you into giving away important information. They often pretend to be someone you trust, like a bank or a business partner.

Common Phishing Tactics for SMBs:

  1. Fake invoices: Scammers send bills for services you never ordered.

  2. CEO fraud: Emails that seem to be from your boss asking for urgent money transfers.

  3. Supplier scams: Fake messages about changing payment details for your vendors.

  4. Tax scams: Phony IRS emails demanding immediate payment.

  5. Tech support tricks: Calls or pop-ups claiming your computer has a virus.

Real-World Examples:

  • A small accounting firm got an email that looked like it was from a client. It asked them to update the client's bank details. The firm nearly sent a large payment to the scammer's account.

  • A local restaurant received a fake email from their "food supplier" saying their account was overdue. The email had a link to pay, which led to a fake website that stole their credit card info.

  • A small marketing agency got a call from someone claiming to be Microsoft support. The caller said their system was infected and needed remote access to fix it. This could have led to data theft.

How to Protect Your Business:

  1. Train your staff: Make sure everyone knows how to spot phishing attempts.

  2. Use strong spam filters: Good email filters can catch many phishing attempts.

  3. Keep software updated: This helps protect against known vulnerabilities.

  4. Use two-factor authentication: This adds an extra layer of security to your accounts.

  5. Be careful with wire transfers: Always double-check by phone before sending money.

  6. Back up your data: This can save you if you fall victim to ransomware.

What to Do If You've Been Phished:

  1. Change passwords immediately for any affected accounts.

  2. Contact your bank if any financial info was shared.

  3. Run a full virus scan on your systems.

  4. Report the scam to the proper authorities.

  5. Inform your customers if their data might be at risk.

Phishing is a serious threat, but with awareness and good practices, you can protect your business.
Stay alert, educate your team, and always verify before giving out sensitive information. It's better to take a moment to check than to rush and fall for a scam.

That wraps up this week's edition!

Remember, in the world of cybersecurity, knowledge is power – and we're here to empower you every step of the way.

Stay safe and secure!

Hacktractive
By Harke & Co LLC

P.S. Have a burning cybersecurity question?
Reply to this email, and we might feature the answer in our next edition.
If you own an SMB and need help, you can book a one-hour consultation here.