Popular online fashion retailer Superbalist was criticised after some of its customers fell victim to a phishing attack carried out by an unknown third party earlier this year.
The phishing scam, which involved messages sent via SMS and email, asked customers to update their credit card details through a specific link.
Phishing is considered one of the most common methods of spreading viruses and committing online identity theft.
Approximately 90% of data breaches are caused by phishing, with an average financial cost of more than $3 million.
Superbalist did their best to ensure that their customers' credit card information was safe. The brand could've suffered severely if that personal data had been stolen. Luckily, this was not the case.
In this blog post, we will look at 5 essential lessons that every business can learn from Superbalist’s phishing scam.
Let’s dive in:
1. Increase cyber awareness
Every business is in danger of a cyberattack.
CEOs spend a lot of time worrying about the vulnerabilities in their security but often forget the role their employees might play when confronted with a data breach.
Employee negligence was not the cause of Superbalist’s phishing scam, but it’s important to make sure your employees are aware of all the different cyber threats.
Your employees need to know what impact a cyber attack can have on them and your business, but they also need to know what steps they can take to minimise digital risk and online theft.
Creating a culture around cybersecurity, of course, doesn’t completely remove the danger of data theft. Instead, this awareness increases your chances of identifying a cyberattack early on. This will help minimise the potential damage as well as lessen the cost of recovery.
2. Install an anti-phishing toolbar
Banking and credit card transactions should make use of authentication-based anti-phishing toolbars. An anti-phishing toolbar is made up of programs that work together to display the real domain a user is visiting.
Anti-phishing toolbars perform quality checks on the websites being visited and compare them against a record of known phishing sites. The toolbar then immediately sends a notification that a malicious site has been found. In most cases, these toolbars are free to download, which means you can get started right away.
3. Use firewalls
For more robust security, businesses are encouraged to install high-quality firewalls on their systems. A firewall acts as a barrier between the user, the computer, and potential outside intruders.
It’s advised to make use of desktop and network firewalls. Both firewalls protect your business’s software and hardware. In Superbalist’s case, heavy-duty firewalls could have helped reduce the odds of phishers infiltrating their customer network.
4. Check the source of information
A bank or credit card provider will never ask you to send personal information or passwords via an email or SMS.
It’s important to educate your employees about never clicking on the hyperlinks found in these emails and SMSes.
5. Avoid public networks
As a security professional, you need to ensure that all of your employees are working in a private network. Too often, email communication is not encrypted over public networks which means that hackers can sniff out important company information.
Keep in mind that rogue hackers often set up free hotspots that lure people to provide confidential data without the use of complex data hacking technologies.
To prevent attacks like this in the future, employees should be educated about best practices for using public networks.
Telltale signs of a phishing message
Online hackers are continuously changing their strategies for stealing and using credit card information for illegal purchases.
In this section, we aim to highlight some tell-tale signs of a phishing message to help you educate your employees:
Message sent from a public email domain. Teach your employees that no legitimate business will contact anyone from an address that ends in “@yahoo.com”. Not even Yahoo. A message can only be legitimate if the domain name matches the apparent sender of the email.
Poorly written messages. A message containing grammatical errors and unusual phrases is often a scam. Teach your employees to take the time to read the message before taking any action.
It contains attachments or suspicious links. Phishing messages come in different forms, but they all have one thing in common: a payload. Teach your employees that a payload may be either a link to a fake website that asks for sensitive information or an infected attachment.
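The sender-domain, link and attachment signs above can be turned into an automated first-pass filter for a mail gateway or helpdesk triage script. The following is an added example (not code from the original post or from Superbalist); it assumes one trusted sending domain per brand, uses the placeholder brand domain example-shop.com, and leaves the grammar check to a human reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Webmail domains a real business does not send from (constructed, partial list).
PUBLIC_DOMAINS = {"yahoo.com", "gmail.com", "hotmail.com", "outlook.com"}
URL_RE = re.compile(r"https?://[^\s<>'\"]+")


def phishing_indicators(raw_message, brand_domain):
    """Return the telltale signs found in a raw RFC 822 message.

    brand_domain is the domain the displayed sender should really mail from
    (assumed here: one trusted domain per brand). Empty list = no check fired.
    """
    msg = message_from_string(raw_message)
    brand = brand_domain.lower()
    addr = parseaddr(msg.get("From", ""))[1]
    domain = addr.rpartition("@")[2].lower()
    found = []
    if domain in PUBLIC_DOMAINS:
        found.append(f"sender uses public webmail domain {domain}")
    if domain != brand and not domain.endswith("." + brand):
        found.append(f"sender domain {domain!r} does not match {brand}")
    for part in msg.walk():
        if part.get_filename():  # any attached file is a potential payload
            found.append(f"attachment present: {part.get_filename()}")
        if part.get_content_type() != "text/plain":
            continue
        for url in URL_RE.findall(part.get_payload()):
            host = (urlparse(url).hostname or "").lower()
            if host != brand and not host.endswith("." + brand):
                found.append(f"link to foreign host {host}")
    return found


# Constructed samples; example-shop.com stands in for the brand's real domain.
PHISH = """\
From: Example Shop Billing <exampleshop-billing@yahoo.com>
Subject: Update your credit card details

Your card has expired, please update it within 24 hours:
http://example-shop.payments-verify.net/update
"""
LEGIT = """\
From: Example Shop <orders@example-shop.com>
Subject: Your order has shipped

Track it at https://www.example-shop.com/orders/12345
"""
```

A lookalike domain such as example-shop.co passes the domain-match check, so treat a clean result as a first filter rather than a verdict.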
Phishing scams are growing at an alarming rate and are becoming increasingly difficult to recognise.
There is a lot to learn from the mistake made by Superbalist’s customers. Your employees and customers need to be empowered to protect themselves to avoid irreparable damage to both your business and your bottom line.
Digital security today is a necessity, not a nice-to-have. Why not schedule a call with one of our digital security experts to see how we can help you on your journey to a safer business?