Phishing is the fraudulent attempt to obtain payment, private and sensitive information or data, such as usernames, passwords, credit card numbers, or other sensitive details by impersonating a trustworthy entity or person using email or other digital or phone communications.
It is typically carried out by email spoofing, instant messages, and text messages.
The method is to direct users to enter personal information or make payments on fake invoices, webforms or login webpages which match the look of a legitimate bank, accounting or ecommerce website or app (among others).
Phishing is by far the most common attack performed by cyber-criminals.
See a full list of the types of phishing attempts.
How to prevent them?
- Your customer can check if they have a corresponding invoice in Saasu by logging in via the invoice portal before making a payment to you. This is a good reason to encourage them to use the Saasu Online Invoice Portal for your business.
- Even if your customer has excellent anti-spam email filters they will still miss some malicious emails. If your customer doesn’t use a filtering service, this is the first recommendation to make to them.
- Teach your staff and work colleagues what phishing emails look like. They tend to be slightly different from the real company’s emails. The sender email address might be different. This may be hidden, so you need to view the email header in the email system you use to see it.
- Train your customer (via your communications and notes in invoices) to recognise where the invoices you email come from and which email address you will always use. Even better if they know how to view headers.
- Keep your approach to emailing invoices consistent over time. Changes make customers worry that it may be a phishing attempt because your invoice looks different to the last time you sent it.
- Make sure you ask your customer to only use your saved banking details that they have confirmed when making payment via EFT. Don’t ever change these details unless you absolutely have to, as that also worries customers.
- Make sure you ask your customer when paying online to check that the domain name in the URL bar looks correct for your accounting systems and/or payment gateway choices.
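The header check described in the list above (comparing the real sender address with the one address you always use) can be done on a saved raw message. The following Python sketch is an added example, not Saasu code; the expected address, the function name `check_invoice_headers` and both sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the one address you always send invoices from (placeholder value).
EXPECTED_SENDER = "accounts@yourbusiness.example"

# Constructed sample messages for illustration (not real emails).
LEGIT_SAMPLE = (
    "From: Your Business Accounts <accounts@yourbusiness.example>\n"
    "Reply-To: accounts@yourbusiness.example\n"
    "Return-Path: <accounts@yourbusiness.example>\n"
    "Subject: Invoice 1042\n\nPlease find your invoice attached.\n")
SPOOFED_SAMPLE = (
    'From: "accounts@yourbusiness.example" <billing@yourbusness-pay.example>\n'
    "Reply-To: payments@freemail.example\n"
    "Return-Path: <bounce@mailer.example>\n"
    "Subject: Invoice 1042 - updated bank details\n\nPlease pay today.\n")

def check_invoice_headers(raw_message, expected_sender=EXPECTED_SENDER):
    """Return warnings for headers that do not match the expected sender."""
    msg = message_from_string(raw_message)
    expected = expected_sender.lower()
    expected_domain = expected.rsplit("@", 1)[1]
    warnings = []
    display, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    if from_addr != expected:
        warnings.append(f"From is {from_addr or 'missing'}, expected {expected}")
    # A display name that itself looks like an address can hide the real sender.
    if "@" in display and display.strip().lower() != from_addr:
        warnings.append(f"Display name shows {display!r}, real address is {from_addr}")
    # Replies and bounces should stay on the same domain as the known sender.
    for header in ("Reply-To", "Return-Path"):
        value = msg.get(header)
        if value is None:
            continue
        addr = parseaddr(value)[1].lower()
        if addr.rsplit("@", 1)[-1] != expected_domain:
            warnings.append(f"{header} points to {addr}, outside {expected_domain}")
    return warnings

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT_SAMPLE), ("spoofed", SPOOFED_SAMPLE)):
        print(name, check_invoice_headers(raw) or "no warnings")
```

A From header that matches exactly can still be forged, so this check complements confirming the invoice in the portal rather than replacing it.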