Phishing is the practice of imitating a company to obtain sensitive information. This information might include credit card details for the purposes of defrauding customers, for example, or employee passwords in order to gain unauthorized access to company data.
When we think of phishing, we tend to think of the notorious ‘Nigerian Prince’ email scams, whereby a mysterious foreign beneficiary has a check with your name on it, and all you need to do is send a large advance sum and your bank details to claim your wealth.
These days, most of us can spot these scams from a mile away. We assume that we’re too digital-savvy to fall for them, but it’s important to remember that phishers survive by being one step ahead. Today, that means targeting your business through social media.
Phishing attacks via social media in the final quarter of 2017. It makes sense — social media is where most of your customers can be found, and they have an expectation that you’ll communicate with them via these channels. With that expectation comes a level of trust, and it’s this trust that phishing attacks attempt to exploit.
An example of phishing via social media
Let’s say that somebody sets up a Facebook business page that’s identical to yours in almost every way. They spend some time pushing adverts and posts into your target audience’s newsfeed, getting them used to seeing the page. Some might even like or follow this fake page, thinking it’s your business.
After a while, the fake page pushes out a post. There’s been a data breach! Click on this link to check if you’ve been affected! So your customers panic, click on the link, and arrive at what appears to be your site. They enter their details to log in, and they’re relieved to find that their account is unaffected. Meanwhile, the phishers have recorded their log-in details, which they can now use on your actual site to access your customers’ accounts.
What phishing means for your business
Attacks such as these have a devastating effect on both your customers and your business. Several surveys have found that at least one third of customers will leave if your business falls victim to a phishing attack, even if they weren’t personally affected. For most businesses, that kind of loss is a death sentence.
Here are 5 ways to protect your business from social media phishing
No business is immune to phishing. In fact, even Facebook itself was recently conned out of over $100m from a fake vendor. There are, however, steps you can take to limit your risk.
1. Train your staff
Knowledge really is power, so make sure your entire staff — not just your social media team — is up to date on the latest phishing threats. Circulate a list of official social media profile handles so that your team can spot fakes, encourage them not to click links sent via social media, and establish good password protection practices.
2. Get verified
Most social media platforms offer verification for businesses in the form of a ‘check’ next to their profile name. This signifies to your customers that they’re dealing with your official social media profile. Take the appropriate steps to get verified and let your customers know that you’ll only contact them through these official accounts.
3. Promote customer awareness
That brings us to our next step — customer awareness. Don’t assume your customers will know how to tell you apart from an imposter. Set explicit expectations for how you’ll communicate with them, e.g. you’ll only communicate with them through a verified account and you’ll never ask for credit card information. Widely publicize these standards, encourage them to report communication from fake accounts, and above all, make it easy for them to do so!
4. Use HTTPS encryption
The padlock icon you see next to some URLs signifies HTTPS encryption, which protects the data sent between a visitor’s browser and your website. If you don’t already have it, speak to your web team to put it in place. Encourage your employees and customers to look out for the padlock when they click on a link that appears to lead to your website, and report any links that lead to non-secure sites. Keep in mind that the padlock shows the connection is encrypted, not that the site is genuine, so the domain name still has to match yours.
5. Monitor your mentions
Social monitoring is a handy practice to keep track of conversations about your brand. Tools like Mention will let you see when your company name is mentioned on social media, so you can spot any conversations that suggest fraudulent or unauthorized activity.
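If your team already collects the account names that turn up in mentions or customer reports, the official handle list from step 1 can be used to flag likely impostors automatically. The following is an added example, not part of the original article or any tool it names; the handles, the substitution table and the 0.85 threshold are assumptions chosen for illustration.

```python
import unicodedata
from difflib import SequenceMatcher

# Hypothetical official handles; substitute the list you circulate to staff.
OFFICIAL_HANDLES = ("examplebank", "examplebank_help")

# Small constructed subset of look-alike substitutions (digits and Cyrillic letters).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0456": "i",
})

def skeleton(handle):
    """Fold case, accents, separators and look-alike characters for comparison."""
    text = unicodedata.normalize("NFKD", handle.strip().lstrip("@")).lower()
    text = "".join(c for c in text if not unicodedata.combining(c))
    return "".join(c for c in text.translate(CONFUSABLES) if c.isalnum())

def classify(handle, official=OFFICIAL_HANDLES, threshold=0.85):
    """Return (verdict, closest_official); verdict is official, lookalike or unrelated."""
    raw = handle.strip().lstrip("@").lower()
    if raw in official:
        return "official", raw
    candidate = skeleton(raw)
    best, best_score = None, 0.0
    for name in official:
        target = skeleton(name)
        # An embedded brand name (e.g. "<brand>support") counts as a full match.
        score = 1.0 if target in candidate else SequenceMatcher(None, candidate, target).ratio()
        if score > best_score:
            best, best_score = name, score
    if best_score >= threshold:
        return "lookalike", best
    return "unrelated", None

if __name__ == "__main__":
    # Constructed sample of account handles seen in mentions or reports.
    for seen in ["@examplebank", "examp1ebank", "ExampIe_Bank",
                 "examplebank-support", "\u0435\u0445amplebank", "gardening_tips"]:
        print(seen, classify(seen))
```

Accounts flagged as lookalike still need a human check before you report them to the platform, since a short brand name can appear inside unrelated handles.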
Is your business protected from phishing?
Cyber attacks like phishing can cost the average small business almost $150m if successful. Download Fairdinkum’s free Security Audit Checklist now to find your weak spots — before somebody else does.
Visit our Cyber Security page for more information.