Phishing isn’t a new tactic, nor is it something most email marketers would ever participate in. However, in today’s cyber world, it’s worth understanding and protecting against. After all, if your customers perceive that a phishing incident has taken place, it could negatively impact your company’s reputation and your bottom line.

Phishing Basics: Definition

So what exactly is phishing? Well, according to Wikipedia, phishing is defined as follows:

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

Phishing is typically carried out by email spoofing or instant messaging and it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site, the only difference being the URL of the website in concern. Communications purporting to be from social websites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that distribute malware.

Phishing Basics: Protection

Now that we have a clear understanding of what phishing is, let’s discuss how you can protect yourself, and your clients, from these scams.

  • Solidify Your Business Processes – If you deal with large transactions, include a secondary verification step in your process.  The second step could be a verification email, manager approval code, or phone verification.  While it may cost you a small amount of time to perform this second verification step, it could save you a great deal of time and money in the future should you have to rectify the fallout from a phishing scam.
  • Educate Your Customers – Make education part of your customer onboarding process and include tips for safety and phishing awareness in your FAQs and Terms of Use.  This way your customers will always know what to expect from you and will be less inclined to fall for a potential phishing scam should they receive one ‘from your company.’
  • Stay On Top of Technology and Education – Continuing education will be key to your vigilance!  Keep your finger on the pulse and stay educated on new technology and tactics.  Subscribe to newsletters from security and industry websites that will help you stay informed.
  • Develop a Plan – The hope is that you’ll never need it, but don’t wait until it’s too late…develop a response plan now so if a phishing attack should take place, your company and your customers will be able to respond quickly and minimize the damage.