Call or Text (845) 265-2220 ☰ ˟
Manage Policy File a Claim
Logo
Call or Text
(845) 265-2220
  • Home
  • Get A Quote
    • AutomobileImage of right arrow
      • Auto Insurance Quote
      • Auto Quote Form (short)
    • Bonds
    • Business & CommercialImage of right arrow
      • Commercial Auto Insurance Quote
      • General Liability Quote Form
      • Business Owners (BOP) Quote Form
      • Builders Risk
      • Liquor Liability Quote Form
      • Workers Compensation Quote
      • Community Association Quote Form
      • Community Association Workers Compensation Quote Form
    • Farm
    • Flood
    • Health
    • HomeownersImage of right arrow
      • Homeowners Insurance Quote
      • Manufactured Home Quote
      • Homeowner Flood Quote Form
      • Community Association Unit Owners (HO-6) Quote Form
    • LifeImage of right arrow
      • Life Insurance Quote
      • Term Life Insurance Quote
    • LimousineImage of right arrow
      • Limousine Quote
      • Bond Request Form (TLC)
      • Workers Compensation Quote Form (Livery)
      • General Liability Quote Form (Livery)
    • Motorcycle
    • Recreational Vehicle
    • Renters
    • Trucking
    • Watercraft & Boat
  • Customer Service
    • AutomobileImage of right arrow
      • Request ID Card for Auto Policy
      • Request Declaration and Coverages Page for Auto Policy
      • Send Declaration and Coverages Information to Lien Holder
      • Add Vehicle to Existing Auto Policy
      • Remove Vehicle from Existing Auto Policy
      • Add Driver to Existing Auto Policy
      • Remove Driver from Existing Auto Policy
    • Business & CommercialImage of right arrow
      • Request ID Card for Commercial Auto Policy
      • Request Declaration and Coverages Page for Commercial Auto Policy
      • Add Vehicle to Existing Commercial Auto Policy
      • Remove Vehicle from Existing Commercial Auto Policy
      • Add Driver to Existing Commercial Auto Policy
      • Remove Driver from Existing Commercial Auto Policy
      • Request General Liability Certificate of Insurance
      • A Community Association Certificate Request Form
      • Request a General Liability Certificate of Insurance with Additional Insured
    • HomeownersImage of right arrow
      • Request Declaration and Coverages for Existing Homeowners Insurance Coverage
      • Request Evidence of Insurance
    • MotorcycleImage of right arrow
      • Request ID Card for Motorcycle Policy
      • Add Motorcycle to Existing Policy
      • Remove Motorcycle from Existing Policy
    • OtherImage of right arrow
      • Policy Review Request
      • Consent to Receive Electronic Records
    • Watercraft & BoatImage of right arrow
      • Request ID Card for Watercraft Policy
      • Add Watercraft to Existing Policy
      • Remove Watercraft from Existing Policy
  • Claims
    • Automobile
    • Business & Commercial
    • Flood
    • Homeowners
    • Motorcycle
    • Renters
    • Watercraft & Boat
  • Blog
  • Make a Payment
  • Resources
    • Secure File Area
    • Refer a Friend
    • Important Links
    • Calculators
    • Important Files
    • Free Reports
    • Insurance Glossary
    • Frequently Asked Questions
    • News Center
  • About Us
    • About Gerelli Insurance Agency, Inc.
    • Location Map
    • Employee Directory
    • Customer Testimonials
    • Privacy Policy
  • Contact
    • Contact Us
    • Join Our Newsletter
Icon Icon Icon Icon Icon Icon
Home > Blog > Quick Ways to Spot Phishing Messages Targeting Your Business
TUESDAY, MARCH 14, 2023

Quick Ways to Spot Phishing Messages Targeting Your Business

Quick Ways to Spot Phishing Messages Targeting Your Business

by Catherine Amick on November 16, 2022
Computer Keyboard

Gone are the days when phishing attempts were easy to identify and limited to only emails. While malicious messages are nothing new, they’re becoming more sophisticated and harder to pick out from legitimate business communications.  They are also coming at us through texts, social media chats and even phone calls.

A few simple actions with one of these messages can develop into a problem that spreads quickly across digital channels and devices, but there are things that you can do to defend against phishing attacks and resources that can help.

Vice President, Corporate Information Security Officer Jamie Neumaier knows a lot about tackling security threats. Jamie manages an information security team that works to ensure the people and systems at Erie Insurance stay as safe as possible. He answered questions about phishing scams targeting businesses and offered some useful security tips.

What is Phishing?

Phishing is malicious activity in which criminals try to gain access to user’s information, data, or devices. The goal is to get you to act without taking a moment to think, and when you do, the phishers may:

  • Gain access to data and information, which they can exploit.
  • Install malware on your system.
  • Prompt you to reveal your personal financial information for purposes of stealing money or your identity.
  • Access your email and send other malicious messages to your contacts, to exploit others.

Are Businesses Especially Vulnerable to Phishing Scams?

Yes. With more work being conducted digitally, businesses of all sizes are susceptible to attacks. Attackers also assume that small businesses do not spend a lot of money or effort on their security measures making them a potentially easier target.

Phishers can easily find your contact information online and be reasonably confident that any message they send you will be at the very least opened because you’re in a business of being responsive. The phishing messages have also grown in sophistication, so it’s easy to be convinced to visit a malicious website or download an infected file that comes in a message that looks legitimate.  If they happen to be the type of phisher to give you a call, they can be very convincing in having you follow their detailed instructions in providing them your valuable information or installing their malware.

How do You Spot a Phishing Attack?

Phishing messages that are poorly written, offer you large amounts of money or ask you for financial assistance have been common for a long time. Most of us know not to open, click or respond to these messages. As mentioned above, phishing attempts aren’t limited to emails either. Hackers now use phone numbers like your mobile number to call you and attempt to have you reveal sensitive information. They may send you text messages as well.

More recently, phishing messages are being designed to look like other emails that you might receive. They may appear to be from someone you trust like a bank, friend, software provider, retailer or vendor, but usually, the timing of the messages is unexpected.

For instance, one common technique is for a hacker to gain access to an email account through a phishing attempt, then access the account and reply to a real email conversation with a malicious link. So, when the recipient receives this email, it looks like a continuation of an earlier conversation, but it asks the recipient to download a document or enter their credentials.

How Can Phishing Attacks be Prevented?

In the course of day-to-day business between you, your employees, customers, and other consumers in general, know what you’re working on. If you receive a message, phone call or email that is unexpected or seems even just a little bit off, verify the validity of the message before taking action. Call the person who appears to have the message and ask if he or she sent it. If the answer is no, it’s a malicious message.

Other Things You Can Do:

  1. Enable multi-factor authentication (MFA) services on as many things as you can, such as your email.  If you happen to fall for one of the phishers’ tricks, having this additional layer of protection significantly helps reduce their chances of taking over your email or other targeted account
  2. Keep your software and devices up to date. The latest updates for Microsoft Office products, operating systems, third-party applications, such as Adobe Reader and smartphone operating systems contain patches that protect against the latest security issues.
  3. Hover your cursor over a link in an email to show the URL. If it looks suspicious, don’t click on it.
  4. Use a modern endpoint protection software on your devices. They’re often provided by common and well-known security brands such as McAfee and Norton. Microsoft also offers endpoint protection for Windows and other applications.  
  5. Always back up your data, so that you can get back to business as quickly as possible should you fall victim to an attack. Test your backup processes periodically to ensure they are working as expected.
  6. Educate your employees on good cybersecurity practices likehow to identify phishing attempts and spam messages. According to the World Economic Forum, up to 95% of cybersecurity issues can be traced to human error – so employee education is important.
  7. Look at the extension on Microsoft Word attachments. Most users have updated their Microsoft products so that Word documents end with .docx. If you see the antiquated .doc extension, question it.

Also, be aware that if you’re hit with an attack, you may not know immediately, and the first indication may be that your customers receive an unexpected message from you. Unfortunately, a customer calling to verify something you sent (but didn’t intend to) could be when you know you’ve been affected.

If customers call asking if a message is legitimate, and after you confirm whether you sent that email, offer them the same advice you use in your own business operations.

  • Did the customer expect to get that email?
  • Does the link or URL direct to a legitimate, expected website address?
  • Does it ask them to open a suspicious document that they didn’t expect?
  • Does it ask them for the user ID and password threatening to take away or disable their access?

Answering those questions can help you both determine whether the message is safe.

Phishing is continuously changing and evolving as perpetrators adopt new techniques and forms, so it’s essential to have a good security plan in place and watch out for emerging attacks to help protect your business. A well-trained team that knows how to spot a suspicious message can also be a great defense against phishing attacks by enabling them to respond to an attack instead of just reacting with a quick action.

The Right Protection for Your Business

Contact a trusted insurance advisor like an ERIE agent to learn about some of the smart and affordable ways to protect your business. For instance, Cyber Suite from ERIE1 can help you overcome an incident in which your customers’ or employees’ nonpublic, personal information is compromised and you have to notify them of the breach. It may be purchased and added to a business insurance policy. 

1Cyber Suite is only available to Customers with an ErieSecure Business® policy. Cyber Suite coverage and associated services reinsured under an arrangement with the Hartford Steam Boiler (Home Office: Hartford, Connecticut). © 2021 The Hartford Steam Boiler Inspection and Insurance Company (“HSB”). All rights reserved. This document is intended for informational purposes only and does not modify or invalidate any of the terms or conditions of the policy and endorsements. For specific terms and conditions, please refer to the coverage form. Coverage not available in New York.

ERIE® insurance products and services are provided by one or more of the following insurers: Erie Insurance Exchange, Erie Insurance Company, Erie Insurance Property & Casualty Company, Flagship City Insurance Company and Erie Family Life Insurance Company (home offices: Erie, Pennsylvania) or Erie Insurance Company of New York (home office: Rochester, New York).  The companies within the Erie Insurance Group are not licensed to operate in all states. Refer to the company licensure and states of operation information.

The insurance products and rates, if applicable, described in this blog are in effect as of July 2022 and may be changed at any time. 

Insurance products are subject to terms, conditions and exclusions not described in this blog. The policy contains the specific details of the coverages, terms, conditions and exclusions. 

The insurance products and services described in this blog are not offered in all states.  ERIE life insurance and annuity products are not available in New York.  ERIE Medicare supplement products are not available in the District of Columbia or New York.  ERIE long term care products are not available in the District of Columbia and New York. 

Eligibility will be determined at the time of application based upon applicable underwriting guidelines and rules in effect at that time.

Your ERIE agent can offer you practical guidance and answer questions you may have before you buy.

Posted 1:27 PM

Share |


No Comments


Post a Comment
Required
Required (Not Displayed)
Required


All comments are moderated and stripped of HTML.

NOTICE: This blog and website are made available by the publisher for educational and informational purposes only. It is not be used as a substitute for competent insurance, legal, or tax advice from a licensed professional in your state. By using this blog site you understand that there is no broker client relationship between you and the blog and website publisher.
Blog Archive
  • 2023
  • 2022
  • 2021
  • 2020
  • 2019
  • 2018
  • 2017
  • 2016
  • 2015
  • 2014
  • 2013
  • 2012

  • directors and officers liability(1)

View Mobile Version
Facebook
LinkedIn
Twitter
Google+
Get Directions
Contact Us Today
Resources
Products
Customer Service
Payment Options
Report a Claim
News
About Us
Refer A Friend
Our Carriers
Blog
Contact Us
Contact us PO Box 362
Cold Spring, NY 10516

Ph: (845) 265-2220
Fx: (845) 265-4754
E: plservice@Gerelli-Insurance.com
© Copyright. All rights reserved. Powered by Insurance Website Builder.