As a small business owner, you may think that your company doesn’t have to worry about being targeted by malicious email attacks because you don’t have enough customer data to make it worthwhile. However, a Symantec study found this not to be the case. In fact, the according to Symantec research 31% of all targeted attacks in 2012 were aimed at businesses with under 250 employees, and the most recent report covering December 2013 found that 52.5% of all new attacks were targeted at small businesses.
That’s quite a lot of malicious email! In fact, the Symantec research found that in December 2013 one in every 164 emails sent globally was malicious—up from one in every 437 in October 2013, and an annual high.
Clearly you need to take steps to protect your business from attacks perpetrated via malicious emails. These attacks can take many forms including attachments that when clicked install a virus, Trojan, or other malware on your computer; links that take you to a webpage that installs malware on your computer; and phishing email that tricks you into providing personal information such as User IDs, passwords, and account numbers to imposters pretending to be trusted companies and sites.
The best way to defend yourself is to be alert to potential fraud, and to know how to spot a malicious email. For tips on what to look for, check out our How to Identify Malicious Email video on YouTube. We created this in 2011, but unfortunately it is still completely relevant because all of the scams depicted in the presentation are still around today.
To test your ability to spot phishing and other malicious email, take the SonicWALL Phishing IQ Test (and suggest that everyone on your team take it too). The test shows you 10 emails and asks you to determine whether they are “phish” or “legitimate.” You’ll get your score at the end, along with an explanation for each email that details why it is or is not legitimate.
Finally, keep these general guidelines in mind when deciding what to do with a suspect email:
- Always check link destination before clicking.
- Never enter User IDs or passwords on pages from links in emails.
- Always check the URL in your browser bar to make sure it is legitimate before entering User IDs, Passwords, Account Numbers, or other sensitive information.
- Never open attachments you were not expecting.
- If in doubt, delete the email. You can always contact the purported sender independently to see if they really were trying to reach you.
See weekly Small Business Tips like this one by subscribing to our blog.