
6 Ways To Protect Your Business Against Phishing Schemes

by Kimberly Baylies on October 28, 2021

Phishing attacks con naive employees into giving away information freely.

With so much talk in the news about recent high-profile data breaches and cyber crime attacks, business owners are concerned about being hacked. And rightly so. In this age of digital connectedness, there's ample opportunity for fraudsters. And they're taking full advantage of it at an alarming rate.

But there is another, equally dangerous, type of cyber crime that tends to get overlooked by business owners and their employees.

Many business owners think that you have to be hacked to be a victim of a data breach. But the truth is, cybercriminals would prefer you to give away sensitive information freely. We call this tactic phishing, and it leads unsuspecting employees to help hackers commit Business Email Compromise (BEC).

Phishing is one of the most common forms of cyber attack plaguing both individuals and businesses. 

What is Phishing?

Phishing is a type of social engineering tactic cybercriminals use to tempt employees into willingly giving sensitive information or completing an action. It is a fraudulent practice where criminals send emails posing as reputable companies or individuals that the employee trusts or obeys. 

In a phishing attack, the fraudster infiltrates office communications for the purpose of stealing from the company. The email intends to persuade the employee to give up personal information, payment information, or passwords, or to download malicious software onto the victim’s infrastructure.

Why is preparing for and combating phishing so important?

According to the FBI’s Internet Crime Complaint Center (IC3), phishing scams were among the top three crimes reported in 2020. In their 2020 Internet Crime Report, the FBI reveals that the IC3 received 791,790 complaints in 2020. 

This is a record number of complaints and represents a 69% increase over 2019. Phishing remains one of the most prominent scams, resulting in over $54 million in losses and, according to the FBI, is on the rise. In fact, phishing campaigns are responsible for many of the most high-profile data breaches in recent years. 

And businesses are feeling the pressure. 71% of organizations reported phishing attacks in the last year, with spoofed email accounts and websites being among the most common. According to 35% of organizations, more than 50% of security incidents in the last 12 months were BEC/phishing attacks. In addition, for 1 out of 4 businesses, delivery via email was the avenue for 76-100% of detected malware.

Successful phishing attacks can open the door to other cyber crimes that put your customers in danger. Cross-Site Scripting (XSS) is an attack where malicious code is inserted into the website, exposing your customers to malware and further phishing attempts.

A successful phishing attack can give the cybercriminal access to your eCommerce site and checkout pages. Once they gain access to your eCommerce pages, cybercriminals can deploy a data theft tactic called E-skimming.

E-skimming allows hackers to steal credit card information and personal data in real time from the payment pages of a website.

Don't think you’re not a target. This type of crime isn't something that only affects certain types of business, a certain size of business, or even only businesses. 

BEC/phishing incidents have been reported in all 50 states and in over 150 countries. And this type of scam affects businesses of all types and sizes, big and small, as well as individuals. In fact, 28% of data breach victims are small businesses.

And, as you can see, over the past two years, it has become more and more popular with cybercriminals.

Why is phishing such a popular tactic with cybercriminals?

Are your employees falling prey to phishing attempts and opening the door willingly for criminals?

Business email is a popular target for a fraudster simply because people are not terribly aware of the scam. Many companies do not have specific protocols in place regarding phishing or BEC incidents. Not only that, but few make the effort to create a culture of awareness among employees to watch out for it.

Fraudsters use social engineering or computer intrusion techniques to compromise business email accounts with the goal of stealing some type of data. That data could be Personally Identifying Information (PII), Wage and Tax Statement (W-2) forms, or data to facilitate unauthorized transfers of funds. Obviously, one of the most common desires is money, but often the bad guys are playing more of a long game. 

The actor does their research so that they know personal names, client names and transaction information, making them seem more legitimate. They get a hold of travel information so they know when a boss is going out of town or about to board a plane. They become privy to the timing of when a deal is supposed to close, making it seem timely and not out of the ordinary. They gain all this information and use it as a way to reduce the suspicion of the target employee.

Then they send out or interrupt email chains between a business owner, CEO, or a manager and a staff member using the information to gain the employee’s trust. 

Urgency is key when it comes to these types of scams. The fraudster needs to make the recipient feel a sense of urgency, that this transaction needs to happen ASAP. They will often lead the employee to believe the boss or “powers that be” are in a hurry. There is no time to question the situation.

These phishers are sophisticated and usually research and target specific individuals. Unfortunately, without proper training, it’s easy for unsuspecting employees to fall prey to these scams.

To combat these types of sophisticated phishing attacks, businesses must create a coordinated approach that includes security software, AI, standard protocols and human intervention.

6 ways to arm yourself against phishing attempts

 

1. Educate yourself on common types of attacks and what to watch out for.  

Account takeovers: Scammers usually target a member of the executive and management team. All high-level team members are vulnerable. 

The fraudster takes over the email account of upper level leadership and uses it to target lower-level members of the team. They can also reach out to colleagues and even customers using the stolen email. They use the email from this prominent figure to make requests for transactions and acquire private information.

Phone Phishing: Fraudsters can also impersonate companies by using VoIP technology to mask the phone number and location of the call. They then use this trusted business name to get the party to reveal sensitive data and personal information.

Email address spoofing: Fraudsters closely spoof the email address of someone the employee regularly exchanges email with. A link embedded within the email can redirect the employee to a spoofed page or unsecure website.

Another tactic is to include an attachment that, when opened, installs malware on the company's infrastructure.

Once in, the fraudster can create fake checkout pages, reroute your website URL, and skim personal and credit card information.

2. Employee training and education

Overwhelmingly, the key factor to protecting your business from phishing attacks is your employees. Security specialists like to point out that at the end of the day, it is human nature that is the weak link. It doesn't matter how tight your security measures are, your company is only as secure as its user base.

Education and training is by far the best way to arm your company against this type of fraud. Your employees are your first line of defense against phishing attacks. Businesses should implement formal and ongoing training to teach employees how to recognize common phishing schemes. Also make sure there is a welcome and standard protocol for reporting potential attacks. 

Requiring multi-factor authentication for all business email access offers a second layer of protection. This extra step makes it much harder for a potential fraudster to gain control over an account. Employees who are aware of the prevalence of phishing practices and armed with knowledge to recognize potential risks will better understand their role in protecting your company from a potential breach.

It is easy to blame the employee for falling victim to a phishing scam. But if you’re not arming your employees with the knowledge they need to help protect your company, you are doing a disservice to them and the integrity of your company.

The FBI has compiled a great list of “self-protection strategies” that can easily be distributed to employees to begin the process of education as well as give them a sense of power and responsibility to help protect the company and fellow employees. “Best Practices for Victim Response and Reporting of Cyber Incidents” is also a valuable resource located on the United States Department of Justice website.

3. Specialized Email Security Software

There are also third-party companies that specialize in protecting company email accounts from fraud. Their software uses AI to detect anomalies in the header and body of emails that could reveal potentially fraudulent situations, and it flags the email before a human even gets it.

Phishing emails often attempt to impersonate web services like Microsoft Outlook, include links to fraudulent signature pages, or attempt to spoof an email address. Email security software can not only recognize these tactics, but will also quarantine the email immediately. This not only protects the employee from making a mistake, but also gives the business time to investigate the issue.
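The header checks described above can be illustrated with a small added example. It is not from the original article or from any vendor's product, and it uses simple fixed rules rather than AI. The trusted domain, the names and the two sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your staff normally exchange mail with.
TRUSTED_DOMAINS = {"example.com"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def header_anomalies(raw_message):
    """Return a list of reasons to quarantine the message for review."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    # A sender domain one or two characters away from a trusted one.
    for trusted in sorted(TRUSTED_DOMAINS):
        if 0 < edit_distance(from_dom, trusted) <= 2:
            findings.append(f"lookalike-domain:{from_dom}~{trusted}")
    # Replies silently routed to a different domain than the sender's.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch:{reply_dom}")
    # Verdicts recorded by the receiving mail server.
    auth = (msg["Authentication-Results"] or "").lower()
    if "dmarc=fail" in auth or "spf=fail" in auth:
        findings.append("auth-fail")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = """\
From: "Pat Lee (CEO)" <pat.lee@examp1e.com>
Reply-To: pat.lee.office@mailbox.test
Subject: Urgent wire transfer today
Authentication-Results: mx.example.com; spf=fail; dmarc=fail

Please process this before I board.
"""
LEGIT = """\
From: Pat Lee <pat.lee@example.com>
Subject: Q3 numbers
Authentication-Results: mx.example.com; spf=pass; dmarc=pass

See attached.
"""
```

A lookalike domain registered by the fraudster can pass SPF and DMARC, so the lookalike and Reply-To checks still matter when authentication succeeds.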

4. Create A Standard Transaction Protocol

Developing standard processes will help keep businesses from falling victim to phishing attacks and Business Email Compromise.

The next best thing to set in motion is a clearly defined checks-and-balances protocol, so no one person makes the decisions. Businesses should create a standard protocol for any type of financial transaction. And make sure that all employees are aware of it and abide by it.

An example might be to implement rules stating that every financial transaction must be double verified before any transfer is completed. Some businesses have even been known to create a unique code word for each transaction that only the two parties involved are privy to, meaning it is not talked about or revealed within email communications.

5. Employ E-commerce Security Best Practices

Protect your website with an SSL certificate, elevating your website to HTTPS. SSL certification helps to authenticate and encrypt links between computers and shows shoppers they can trust you.

Employees should always use strong passwords and should never share those passwords through digital communication. Employers should implement password expiration, requiring employees to change passwords on a scheduled timeline throughout the year.

Go a step further by requiring double authentication, either through 2-step verification (2SV) or multi-factor authentication (MFA).

These methods require users to provide an additional method of identity verification beyond the username and password. Additional verification can include confirming a login attempt or entering a one-time code they received by text, email, or phone call.

Create a security update calendar. It is easier to make sure your software and security updates are done regularly when you create a calendar. Run vulnerability scans, perform security updates as needed, and patch vulnerabilities. This way, you can make security a priority without it affecting regular daily business.

And don't forget to complete your annual PCI Compliance. The goal is to detect weaknesses and fix them before a fraudster has a chance to exploit them.

6. Test the protocols regularly

Even educated employees can become complacent when nothing has gone wrong in a while. Testing phishing and cyber attack protocols on a regular basis helps to keep employees on their toes. 

This might entail sending test phishing emails to different sets of employees to see if they catch them. It helps to keep the fact that this type of cyber attack is prevalent at the forefront of their mind. And it also helps to ingrain in them what to look for and how to recognize anomalies. 

At Bankcard International Group, we understand how important security in all forms is for our business clients. Obviously, being in the payments industry, we intend to supply our clients with the highest and most secure payment transactions available. But we also strive to educate our clients regarding all types of potential fraud and security breach threats. And currently, phishing scams and Business Email Compromise are among the most prevalent and costly cyber crimes affecting businesses.

B.I.G. employs a team of ETA-Certified Payment Professionals highly educated in today’s cutting-edge solutions. Our advisors leverage our vast network, along with decades of experience, to provide merchants with a consultative approach to providing their business needs. This makes us uniquely positioned to provide businesses with a curated, high risk merchant account. It also means we've procured a robust suite of industry leading fraud prevention and payment management tools.

Because the best way to be successful is to not fall victim to costly fraud and thievery. To learn more, call Bankcard International Group today.
