Small Business Attack – Phishing

Odds are that your business has a relationship with key vendors.  Commonly, these include at least one bank and payroll processor.  Of course, were one of these accounts breached, things could get really bad. Really really bad. In fact, things could get bad enough that people might not be thinking clearly when they click on links.

That’s all an attacker needs. One brief moment of panic or excitement, one click of a link, and they’re in.

Attacks can come in many forms. All an attacker needs to know is a little bit of information about your company and be able to bypass a spam filter. Then, suddenly, your employees will start seeing emails with subject lines like:

• “Problem processing your paycheck”
• “Health insurance lapsed”
• “[Payroll Company]: Bonus check available”
• “[Your Company] being sued by [Big Company”

Once the employee opens the email, it may be all over, but odds are that your systems are somewhat secure.  This means that they’ll actually also have to click on a link.  Generally, this is done by naming the link one of the following:

• “click here”
• “more info”

At this point, the user generally clicks their mouse, the attack runs, and the attacker has access to all the files on the workstation.

But you should be OK.  After all, it’s not like your employees have access to proprietary or customer data… right?