Friday, April 13, 2012

Protect your business by understanding common phishing techniques

Last week we introduced you to the concept of Social Engineering - manipulating people’s trust to gain confidential information. Phishing is a type of social engineering that can also be targeted towards businesses. We recommend you educate yourself and your employees to safeguard against this threat.

Recognize the signs
Phishing is a technique used to obtain personal information. The most common way a phisher obtains this information is through a spam email that appears to come from a legitimate source (e.g. a bank or a credit card company) and asks you to take a certain action. The email will usually contain a link that leads to a fraudulent web page, which may have a form requesting you to enter personal information.

What many small businesses don’t realise is that phishing can happen over the phone, too (called ‘vishing’). In this type of scam the phisher will try to get the information they want over the phone by making some kind of false claim (e.g. that your IT department has requested you update your security software). Once the caller has gained the trust of the person on the phone, they may ask that person to log on to a website and download a file to help solve the problem. The file may be infected with a virus which would give the phisher access to your personal information.

Once scammers have 'phished' out your information (or potentially even customer information), they could use it in a number of ways. Credit cards could be used for unauthorized purchases, or information might be gathered for an identity theft scam.

Keep your Google account secure
As a Google product user, remember Google does not send emails asking you to update your personal information. We also never call customers asking for their passwords or requesting they download any programs. If you think you've received a phishing email that's trying to trick you into thinking it is from Google, don't reply to the email itself. Instead, report the phishing email to us.

To add an extra layer of security to your Google account, you can enable 2-step verification (see the video below). When you sign in, you will enter a code from your phone as well as your username and password. If someone steals login information through phishing or social engineering, the potential hijacker still won’t have access to your phone.



For even more tips on keeping your business safe online, check out our Good to Know website.

Posted by Katrina Blake, Risk Analyst