In Black And White

Industry Insights

Creating new software solutions and working with an elite group of payment technology providers allows us to stay up-to-date with the latest and greatest in the payment space. And with our industry insights, you'll be well-versed and in the know.

Phishers Are Evolving - You Should Too

Phishers Are Evolving – You Should Too

In the past, it was easy enough to spot an online scam. Hackers and phishers tended toward not-so-great grammar, typos, and seemingly irrelevant URLs in their quest to get into networks and accounts to access proprietary or sensitive data. Were they successful? Absolutely. From October 2013 to December 2016, American businesses collectively lost about $1.6 billion to phishing attacks.

Despite increased awareness and enhanced security, phishing attacks continue to grow and evolve. Cybercriminals are becoming increasingly sophisticated and, with that growth, are discovering new, innovative ways to get the job done – and are negatively impacting millions of people in the process. In 2016, spam emails, one of the most common touchpoints for phishing attempts, increased 400%, with more than half containing malicious attachments. During this period, a jaw-dropping one in 131 emails contained malware, leaving end users exposed to hostile or intrusive software like Trojan horses, viruses, and spyware.

Why Cybersecurity Is Front-and-Center
Two-thirds of malware comes from email attachments, meaning that the financial and cybersecurity industries have to be on high alert. And it seems as if no company is truly immune. In 2016, American Express cardholders received emails from what appeared to be an American Express email address, inviting cardholders to safeguard themselves from fraud and phishing attacks by creating a Personal Safe Key (PSK). The only issue? It was a phishing attack, cleverly disguised as an authentic American Express communication.

So what does this mean for merchants? When involved in any sort of financial transaction, phishing should be a major concern. Fake invoices are the number one type of “phishing lure,” with one in four major malware campaigns connecting back to bogus invoices in 2016. So merchants need to be mindful of this threat if they frequently send or receive invoices. Phishing campaigns aimed at stealing account credentials also surged in popularity in 2016, with more than one in 10 focused on PayPal.

It’s also important to be alert when sending or receiving emails from customers, vendors, or other third parties. When surveyed, 38% of information security professionals said phishing emails significantly disrupted employee activities, and 27% said a phishing attack led to a malware infection. Again, the majority of these attacks originate via email. One seemingly innocuous click could easily cost a company millions.

Protecting Merchants From Phishing With Four Simple Steps
Granted, a merchant’s business isn’t destined for a phishing attack in 2018 – or ever. Even small businesses can take simple, low-cost steps to safeguard their transactions, their proprietary information, and their customers’ data. Here’s how:

Step 1: Educate Employees
A majority of businesses don’t have a cybersecurity plan in place. Buck the trend and create one, then make sure the entire organization is on board. By training employees on the importance of basic cybersecurity – having strong passwords, not opening suspicious emails, and helping teams identify signs of malware attacks – a merchant should be able to prevent many common phishing schemes, while keeping their business’ and their customers’ sensitive data more secure.

Step 2: Have An Alert Protocol
In that vein, a merchant should have an alert protocol in place so they can quickly and easily notify customers of potential phishing attacks or a data breach. While it’s never comfortable to admit a breach, it’s critical – and legally required. By having communications and next steps mapped out, merchants will be better able to quickly alert their customers if and when something goes wrong. Customers can then take adequate steps to safeguard their information and their accounts.

Internally, have a “reverse” protocol in place. In other words, simple steps employees and vendors can take if they spot something phishy. Offer one-click reporting or a streamlined IT process for getting suspicious emails flagged and managed. The easier it is, the more likely employees and partners are to comply.

Step 3: Secure WiFi And Networks
Minimally, be sure a firewall is in place that blocks malicious traffic and malware – better still, opt for a firewall that includes a built-in virus scanner. While these systems aren’t perfect, they can keep cybercriminals and malicious activities at bay, by both keeping them out and removing them if they do gain access.

Same goes for WiFi. When a new router is set up, change the password immediately and make sure that password is in step with existing security standards. Also, be sure to choose the WPA2 code option at setup, which is widely considered the safest and most secure.

Step 4: Embrace The Cloud
To merchants who haven’t embraced cloud technology, do it. Consumer-focused accounts lack basic security that, in today’s climate, every business needs to keep data secure. This approach will ensure merchants have a solid backup in place.

Protecting against phishing attacks and maintaining high levels of cybersecurity have always been a top priority for the MiCamp team. Our focus continues to be providing innovative, secure solutions that utilize EMV, tokenization, and point-to-point encryption (P2PE). This, paired with our internal and external communication processes, which are centered around identifying and eliminating phishing threats, ensures our business, our partners, and our merchants are better protected.

Share this post