Know your phishing from your smishing

South Africa is in the top five for the most heavily spammed countries in the world

Guarding Against Phishing: A Business Owner’s Guide

Phishing, if you’re not already familiar with the term, is typically a long-running scam where fraudsters pretend to be someone else, often a brand or business that you know – persuading you to part with sensitive information or provide your banking details.

Smishing is a more recent cousin, so named for the SMS messages criminals use to get you to click on a link or call a number. You’ll also see this happen over WhatsApp, but society has been unable to come up with a catchy name for that version so far.

Often, they replicate a bank, so you’ll follow a link to verify a fraud alert with no idea that you’re logging into a dummy screen and giving a scammer full access to your company accounts.

Recent spam statistics show that South Africans are in the top five most heavily spammed countries in the world, with millions of smishing texts sent daily, so it’s no laughing matter and a growing threat your organisation needs to be aware of in order to protect you and your customers.

How to Protect Your Company From Phishing and Smishing

Fortunately, you can adopt many proactive strategies to keep your business, colleagues and customers safe. We’re quoting some best safety practices of Wonga South Africa in this post. Why Wonga? Because they’ve gone on the public record multiple times about the dangers of phishing over the past eight years.

They’ve worked tirelessly to promote awareness and helped teach people to be safer online. They’ve also had to deal first hand with fraudsters trying to mimic their brand image in order to dupe innocent people. In short, we can’t think of anyone better to take guidance from on the subject.

Setting Account Access Privileges

One of the first approaches is to think about how your workforce accesses data.

If we consider online banking as an example, it’s clear that only a few team members genuinely need to have a business banking app and login codes on their PC or personal device.

You can learn more about the principle of least privilege in this IBM guide. The concept is based on granting only the privileges a role genuinely needs, so you don’t automatically roll out high-level logins to everybody.

Instead, you should limit database and systems access to those specific parts of the network relevant to each role.

Why? Because you reduce the potential impact of a successful phishing attack by cutting the number of touchpoints a scammer could manipulate.

Most phishing or smishing attempts work because they look authentic and perhaps go to a junior colleague who doesn’t have the required expertise to recognise signs of fraud.

We’ll talk about training shortly, but you need to ensure that management access, such as administrator privileges for your digital assets, is restricted.

A scammer would only be able to get into a small part of your network, and would need to go through a higher-authority team member to reach it.
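The access model this section describes can be made concrete. The code below is an added illustration, not code from the article or from Wonga; the roles, permissions, resource names and users are constructed. It answers two questions a business owner should be able to ask of any system: what can this account reach if its credentials are phished (the “blast radius”), and can a single phished account move money on its own, or does it still need a second, higher-authority person?

```python
"""Least-privilege role model (constructed illustration).

Each role carries only the (resource, action) pairs its job needs, so a
phished junior account exposes a small part of the estate rather than all of it.
"""
from dataclasses import dataclass

# Constructed role -> permission map. A permission is a (resource, action) pair.
ROLE_PERMISSIONS = {
    "junior_sales":    {("crm", "read")},
    "accounts_clerk":  {("crm", "read"), ("invoicing", "read"), ("invoicing", "write")},
    "finance_manager": {("invoicing", "read"), ("invoicing", "write"),
                        ("banking", "read"), ("banking", "pay")},
    "it_admin":        {("user_directory", "admin")},
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


def permissions_for(user: User) -> set:
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def can(user: User, resource: str, action: str) -> bool:
    """Deny by default: an action is allowed only if some role grants it."""
    return (resource, action) in permissions_for(user)


def blast_radius(user: User) -> list:
    """Resources a scammer could reach with this user's phished credentials."""
    return sorted({resource for resource, _ in permissions_for(user)})


def payment_authorised(initiator: User, approver: User) -> bool:
    """A payment needs two different people: one who can raise the invoice and
    one who holds the banking 'pay' right. A single phished login cannot do both."""
    return (
        initiator.name != approver.name
        and can(initiator, "invoicing", "write")
        and can(approver, "banking", "pay")
    )


if __name__ == "__main__":
    junior = User("junior", frozenset({"junior_sales"}))
    clerk = User("clerk", frozenset({"accounts_clerk"}))
    manager = User("manager", frozenset({"finance_manager"}))
    # Anti-pattern for comparison: one login that holds every role.
    everyone_admin = User("shared_login", frozenset(ROLE_PERMISSIONS))

    for u in (junior, clerk, manager, everyone_admin):
        print(f"{u.name:13s} blast radius: {blast_radius(u)}")
    print("clerk + manager can pay:", payment_authorised(clerk, manager))
    print("manager alone can pay:  ", payment_authorised(manager, manager))
```

The comparison with a single shared login that holds every role shows why the article’s advice matters: the same phishing email costs the business one CRM view in the first case and the whole estate in the second.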

Communicate Attempted Attacks

There is a common dilemma whereby, perhaps, an individual receives a smishing attempt on a company phone.

They click the link without thinking, immediately realise the error, close the screen down, and keep it quiet for fear of recrimination.

Likewise, companies might decide not to say anything to their customers, assuming a reputational damage risk – but the fallout from concealing phishing or smishing attacks can be severe.

An environment of transparency and mutual effort will encourage all colleagues to speak up if they are concerned about potential malware, phishing or hacking attempts.

Punishing people who report suspected phishing is counterproductive (and sophisticated scams can fool the best of us!).

If you suspect or know that your business has been a target – successful or not – please report it to the appropriate authorities.

In the UK, that’s Action Fraud, or you can contact the Federal Trade Commission in the US or the Internet Safety Campaign in South Africa.

Understand Your Digital Footprint

We all know that a proportion of our personal information is available through social media.

In effect, it’s a direct way for criminals and hackers to investigate your profile and make their communications more relevant.

Think about where you went to school, where you work (a quick LinkedIn search reveals it), or which networking forums you are a member of.

However, from a business perspective, it’s easy to forget that every nugget of information you share helps malicious hackers find ways to make their phishing attempts more convincing.

The trick is to have broad oversight of the data you publish in the public domain and consider relevance and misuse risks before sharing anything that isn’t necessarily vital.

Implement Basic ID Control Systems

Finally, as a business, you need to have a robust level of security whenever anybody, at any level, chooses to log into an app, share their username, or access a protected database from a remote device.

Be upfront about security risks, share examples of fraud attacks, and empower your teams with the training they need to question, challenge and assess the legitimacy of any links or communications they receive.
