Protect Your Business from “phishing”

This past Sunday I was watching the CBC program Marketplace and they did a special on the criminal practice of “phishing”. For those of you who are unaware of what this practice is, Internet fraudsters send out emails that look like they come from reputable companies, asking you to provide information about your credit cards, banking, etc. Once they get this information from you, they immediately use it to steal money or your identity.

For example, I have received a number of these emails in the past from what appeared to be the Royal Bank of Canada. The email indicated that I needed to update some of my account information. If you click on the link inside the email, the site looks very much like www.royalbank.com. However, if I had provided my information, Internet fraudsters could have started to steal my money or my identity. This is not reserved just for the banks; emails can come from what appears to be eBay, PayPal, credit card companies and any organization that deals with information that can lead a criminal to your money.

As business owners, we have a responsibility to our employees to give them tools to help guard against such criminal activity. Therefore, I have outlined 3 very simple ways that you can use to prevent ever falling victim to a “phishing” scam.

Step #1 – Type in the URL of the Company Directly

The way that “phishing” criminals take advantage of their prey is through the hyperlink embedded in the email. They embed a link inside their email that says “click here” or “update info”, etc. The vast majority of Internet users will see this as a time-saver, hence they click. However, eliminating your desire to click will probably ensure that you never run the risk of getting taken by a criminal online.

If you get an email from the Royal Bank, go to your browser window and type in http://www.royalbank.com.

If you get an email from eBay asking for information, go to your browser window and type in http://www.ebay.com or http://www.ebay.ca.

If you get an email from a company that you know you don’t do any business with, just delete it.

Step #2 – Check the URL in the Browser

There are times that even I am fooled by these “phishing” emails; some are very well done. In case you click on a link within an email (and forgo step #1), there is another way to detect whether you should be giving your information.

Look at the Internet address in your browser (circled in red). Typically, if you click on a link in a “phishing” email, this will read something like http://64.125.256.239/rbc. It will not read http://www.royalbank.com as in my example.

Check The Browser Window to Ensure You Are At the Right URL
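The same Step #2 check can be run on an email's links before anyone clicks them. The following Python sketch is an added example, not part of the original article; the function names and the sample email body are constructed for illustration, and the sample uses the documentation-only address 203.0.113.10.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def host_is_ip(host):
    """True when the host part is a numeric IP address, not a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_links(html_body, expected_domain):
    """Return (href, reason) for each web link that fails the Step #2 check."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href in parser.hrefs:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # only web links are checked here
        host = (parts.hostname or "").lower()
        if host_is_ip(host):
            findings.append((href, "host is a raw IP address"))
        elif host != expected_domain and not host.endswith("." + expected_domain):
            # Catches names that merely start with the real domain.
            findings.append((href, "host is not " + expected_domain))
    return findings

# Constructed sample email body (not taken from a real message).
SAMPLE = (
    '<p>Please <a href="http://203.0.113.10/rbc">update info</a> or visit '
    '<a href="http://www.royalbank.com.example.net/login">www.royalbank.com</a>. '
    '<a href="https://www.royalbank.com/">Home</a></p>'
)

if __name__ == "__main__":
    for href, reason in check_links(SAMPLE, "royalbank.com"):
        print(reason, "->", href)
```

The second sample link shows why the comparison is made on the end of the host name: an address that only begins with the bank's domain still belongs to someone else.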

Step #3 – Check the Security Certificate

The final check, to completely ensure that you are giving your information to the correct people, is to check the security certificate of the site. First, if you are logging onto any site that has sensitive information, make sure that you are on a secured connection. You can tell whether you are on a secured connection by looking in the bottom right hand corner of your browser.

In the image below, notice that I am visiting http://www.royalbank.com and the little icon in the bottom right hand corner is a world.

Non-secured Site

Now see the difference when I go to the login page to access my banking information.

First, in the address bar you see https: (instead of http) and in the bottom corner you see a yellow lock box.

Secured Site

If you double click on that yellow lock box, it brings up the security information for the site. You can read who issued the certificate and to whom it was issued, as well as a host of other security information. See below.

Security Certificate Information

Conclusion

Protecting yourself on the Internet is no different than protecting your small business, your home, your car, your family, etc. You protect yourself through education and prevention. I suggest that you learn the above 3 simple checks and use them every time that you are going to give sensitive information over the Internet.

What these “phishing” fraudsters are after is the uneducated … a little education of your staff can protect your business and the welfare of your employees so that you don’t fall victim to these criminals.
