The word “spam” has the ring of something annoying, and it certainly is. Spam email and phishing has become a massive issue for SMBs, costing businesses thousands of dollars. Spammers and scammers target SMBs because while they might be dealing in smaller amounts of money, they also have weaker cybersecurity systems and IT infrastructure in place. PWC’s 2018 Global Economic Crime & Fraud Survey: Australian Report says that the five most common cyberattacks last year were: phishing (48%), malware (39%), network scanning (24%), brute force attacks (15%) and man in the middle attacks (10%).
Safeguarding your business in 2019 now involves the implementation of proper cybersecurity systems. This needs to operate hand in hand with end-user education and efficient IT support that encompasses the full-spectrum of cyber threats and the solutions thereto. But first, let’s understand what we’re dealing with.
What Is A Spam Email?
Spam email has become a part of everyone’s reality. If you have an email account, you will have received unwanted electronic communications – better known as spam. Spam can come in the form of a desperate marketing ploy to try and get you to buy into something legitimate, or it can come with malicious intent. Malicious spam emails will usually have an attachment or link to a page that will try and coax you out of your bank account or credit card details. This is referred to as phishing.
What Is A Phishing Email?
As per the above, phishing emails are the next step up from spam email. Their purpose is to convince you to hand over personal information that could result in a breach of your personal accounts, websites, servers or the like. Often, they are disguised as regular and popular businesses, banks or other authorities, making you think you can trust them and thus handing over your credit card or banking details. By seemingly coming from trusted sources, people are led to believe that their best interests are being taken to heart.
Out of all cyber threats, phishing attacks accounted for 12% of all successful breaches in 2019 in Australia, this according to Carbon Black. In many cases, phishing emails will suggest a sense of urgency. For example, they will state that your computer has been hacked and you need to act quickly to protect it by clicking on a link and handing over your logins. Unfortunately, many people fall prey to this type of phishing email due to the fear that if they delay, something bad will happen.
How To Prevent Spam And Phishing Coming Through
In 2018, Scamwatch reports accounted for $3.8 million in losses due to business emails being compromised. Coupled with reports made to ACORN, the combined amount in losses extended to $60 million. 170% more than what was reported in 2017.
In order to avoid this, businesses need to have email filtering in place. Microsoft Office 365 comes with built-in spam filters that can be configured specifically to your business requirements. The Office 365 Security & Compliance Center gives you complete control over your anti-spam requirements. It looks for specific characteristics in the email body that are typical of spam or phishing emails. It also checks the reputation of senders before allowing emails to filter into your inbox.
However, email filters might not be enough, as we know that hackers have advanced exponentially, and we need to be smarter than them.
Dealing With Spam That Makes It To Your Inbox
There might be instances where spam does make it to your inbox. In these instances, it’s important to exercise caution. Follow these tips to prevent yourself from becoming a statistic:
• Analyse the email carefully before opening it
• If you don’t know the sender and it seems suspicious, don’t open it and rather delete it. If it’s from a legitimate source, they can always try and contact you again
• Review the sender’s email address. Often scammers posing as a well-known business (such as PayPal or your local bank) will have a spoofed email address closely attributed to the business, but it won’t match entirely
• Check the domain of the email address, delete if it’s not a domain or business you know
• Don’t click on any links in the email body if you don’t know the sender
• Don’t download any attachments from the email if you don’t know the sender
• Don’t ever give away any personal information or banking details
• If it seems suspicious, delete is straight away and apply a filter that will send future emails like that to your junk mail or spam folder
In the cases where you might accidentally click on a link in a spam email, your anti-virus software can still be a back-up support. Make sure your anti-virus software is always kept up to date and is installed on all devices.
Educating Your Team On Spam Emails And Phishing
It’s important to keep your employees informed so that they can also be empowered. Keeping them up to date on the latest spam and phishing tactics will prevent them falling prey to scam artists. Regular cybersecurity workshops should be held to educate your team on how to deal with spam. They should be able to identify spoofed email addresses, suspicious email subject lines, suspicious emails and typical spam and phishing body content. Create working scenarios where their knowledge can be put to the test.
Make sure you report spam and phishing scams when you come across them. That way, the spammers can be filtered out, one by one. You can report scams to the Australian Cyber Security Centre or Scamwatch.
Spam and phishing emails are easy to overcome with the right infrastructure and information.
Download our ebook, Cybersecurity Tips for Employees: A Complete Guide to Secure Behaviour, to equip your business with the information you need to counteract spam and phishing attacks.