What is phishing?
If you’ve been on a fishing trip, you already know how “phishing” works. The angler disguises their hook with an enticing lure and waits for a fish to take the bait. Phishing works the same way, minus the worm. Phishing (pronounced “fishing”) is a crime where a hacker poses as a legitimate institution and contacts a target by email, telephone, text message, or direct message.
No target is too small for a scammer. We are all at risk of a phishing attack on our personal or small business accounts. Read on to learn how to identify seven types of popular phishing scams, how to prevent a phishing attack, and how to protect your business with cyber insurance.
Phishing scammers create captivating communications that can look and sound like the real thing, only to steal your information and leave you on the hook for the consequences. These cybercriminals lure individuals into providing sensitive data such as personal identity, banking, credit card, or account password information. Then, the scammer will use the information to access personal or business accounts to carry out identity or financial theft.
According to the FBI, more than 241,000 people in the U.S. were victims of phishing scams in 2020.[1] While these attacks aren’t always sophisticated, they are a successful numbers game. Even computer-savvy business owners can fall victim to a phishing attack if they rush to respond to messages and miss the obvious signs.
The cost of data breaches, often the result of phishing scams, rose 10 percent in total from 2020 to 2021, reaching $4.2 million.[2] That is just one way that phishing can be a profitable crime with high rewards for scammers.
While it may seem like phishers are expert computer hackers, they are actually “social hackers.” They may have little to no knowledge of computer coding. In most cases, the only tools a phishing scammer needs to access your company’s accounts are a fake email address and a compelling message.
Phishing scammers will typically send you a message pretending to be a representative from your bank, office, or other trusted institution. Their email address may look similar to a legitimate one, but it may contain a typo or other red flag. Often the message will include a time-sensitive offer or problem to address. They may ask you to click a link or forward your account information to claim the deal or fix the issue.
Consider this phishing scam that dates back to the internet’s earliest days. An email comes in with a desperate plea from a foreign prince — he just needs a little help transferring bank funds out of his country. Could you provide him with your company’s bank account number for safekeeping the funds? The next thing you know, your business’s bank account takes a massive hit. The FBI still lists this “Nigerian prince” routine as a common scam.
Phishing scammers have many different methods to carry out their attacks. Here are seven of the most popular types of phishing attacks.
Phishing messages can be sneaky, but they all have some tell-tale signs that give them away. Here’s how to spot a phishing message:
In most cases, you can prevent phishing scams before they affect your business. Here are some of the best ways to avoid phishing:
Thousands of phishing scammers act without consequence every day because few people take steps to report phishing emails and track them down. If you receive or fall victim to a phishing email, here are some ways to report the cybercrime:
Falling victim to a phishing scam is scary, but your business can recover. Here are a few steps to begin recovering from a phishing attack.
Cyber liability insurance protects individuals and businesses from damages associated with online attacks, like phishing scams. With cyber insurance, your business is covered from liability claims related to leaked information and personal losses from the attack. Most cyber insurance policies include both first- and third-party liability coverage, providing some protection for your clients and customers as well.
As cyber threats continue to evolve, cyber insurance is there to protect your company from potentially damaging impacts. These include lost or damaged data, loss of income, notification costs, and resulting damage to your company’s reputation. It can even help cover extortion payments.
You and your employees can do everything right — learn how phishing works, understand the warning signs, and take appropriate precautions — and still get hooked by a scammer. But that doesn’t mean you need to be on the hook for all of the damages.
The best way to protect your business from phishing scams is to look out for the signs and avoid falling for the lure. In most cases, preventing the con is as easy as recognizing the characteristics of a scam communication, blocking the sender, and deleting the email.