We’ve heard numerous horror stories over the years of business owners falling victim to sophisticated phishing scams that compromise their operations, cost them thousands of dollars, and expose their customers to risk. Hackers are evolving rapidly, making it harder to distinguish between malicious threats and everyday emails.

Our goal here is to empower, not scare you. The good news? Many of these threats are avoidable with vigilance. Hackers are even craftier than before, and phishing schemes have adapted to exploit newer technologies. However, with a few best practices, you and your team can keep your data safe from current phishing trends.

Below, we outline some common phishing threats and offer ways to safeguard against them.

Common Threat 1: Impersonation of Accounting or Financial Software

Phishers continue to target users of popular accounting software, impersonating platforms like QuickBooks with claims such as “Your file is corrupted,” “Your payment method is expiring,” or “Your software needs an urgent upgrade.” The goal is to either convince you to pay for a fake service or grant them access to your system.

How to dodge the threat: Always verify the sender’s email address. Emails from Intuit or QuickBooksⓇ will end with “@intuit.com” or “@quickbooks.com.” If you receive a suspicious email, permanently delete it. Do not provide sensitive information or remote access to anyone unless they are a trusted, verified partner.

Common Threat 2: The Rise of AI-Assisted Phishing

Hackers are now leveraging AI tools to generate phishing emails that mimic legitimate communications. These emails may come from familiar addresses or look nearly identical to a colleague’s typical correspondence, including personalized details that make the email seem even more credible.

How to dodge the threat: Never click on links or download attachments from unexpected emails, even if they appear to come from trusted contacts. Always hover over links to preview the URL and verify its legitimacy. AI tools are being used both by hackers and cybersecurity experts, so staying ahead of phishing trends is more important than ever.

Common Threat 3: “You Have Voicemail,” “Urgent Invoice,” and “Thanks for Your Purchase” Emails

While voicemail and invoice phishing schemes aren’t new, hackers are increasingly using these tactics to create a sense of urgency. You might receive an unexpected email about a voicemail or invoice, often from a service you don’t use. In addition, we’ve seen emails alerting you to free prizes – you’ve won a free trip – with a link to click to claim your prize.

Lastly in this category, there is a new strategy in which phishers send “confirmation” emails suggesting that you’ve made a subscription purchase, going so far as to even include a pdf of a phony receipt.

How to dodge the threat: If something feels off, it probably is. Never download an attachment or follow a link without verifying the source through another channel. Call the service provider directly to check whether they sent the email, and always be wary of “business” emails that end in @gmail.com, @yahoo.com, etc.

Common Threat 4: The QR Code Swap

QR codes have become a ubiquitous tool, especially in restaurants and retail. However, phishers now use QR codes to disguise malicious URLs. They may overlay fake QR codes in public spaces or send phishing emails with QR codes that link to compromised websites or malware.

How to dodge the threat: Before scanning a QR code, double-check its placement and ensure it hasn’t been tampered with. After scanning, review the web address that appears and make sure it’s legitimate before clicking. If something feels suspicious, don’t scan the code.

Common Threat 5: Social Engineering on Social Media

Phishing attacks are increasingly moving to social platforms like LinkedIn and Facebook. Hackers may pose as recruiters, customers, or industry professionals to extract personal information or trick you into downloading malicious files.

How to dodge the threat: Be wary of unsolicited messages from strangers on social media, especially those requesting personal details or sharing links. Always verify the identity of anyone asking for sensitive information and avoid clicking on unknown links shared via direct messages.

Best Practices: Staying Secure in the Age of Evolving Phishing Tactics

While phishing techniques continue to evolve, the core defenses remain the same: vigilance, awareness, and caution. Here are some key best practices to follow:

• Set up multi-factor authentication (MFA): Use MFA wherever possible. This could involve receiving a code via text, email, or through an authenticator app like Google Authenticator. MFA adds an extra barrier for hackers, making it far less likely they’ll succeed even if they gain access to your credentials.
  Use strong, unique passwords: Password management apps like LastPass or 1Password can generate complex passwords and securely store them. Avoid reusing passwords across different accounts.
• Stay informed on new phishing tactics: Cybercriminals are constantly adapting. Subscribe to trusted cybersecurity news outlets like PCMag, Forbes, or TechCrunch to stay updated on the latest phishing techniques.
• Train your team: Cybersecurity isn’t just an IT responsibility—it’s an organization-wide effort. Conduct regular phishing simulations and training sessions to ensure that your employees recognize suspicious activity and respond appropriately.
• Don’t open doors for strangers: Whether in person or online, never allow someone to access your computer or accounts unless you have verified their identity through an established and trusted channel. If in doubt, don’t engage.
• Verify email senders: Always check email addresses carefully. A small typo or strange domain could indicate a phishing attempt. Cross-check with trusted sources if something feels off.
• Use secure file-sharing methods: When sending or receiving sensitive information, avoid doing so via email. Use encrypted file-sharing services like SmartVault or similar tools.
• Trust your instincts: If something feels off, don’t proceed. Whether it’s a weirdly worded email or a strange request, your gut is often a good first line of defense against phishing attempts.

It’s more important than ever to remain cautious and aware of evolving cybersecurity threats. Phishing is becoming more sophisticated, but by staying alert and following these best practices, you can protect your business and personal data from harm.

If you’re unsure about an email or solicitation, especially related to your accounting software, reach out to us. We’re always here to help!

Cloud Hosting: It’s Time to Break Up with Your In-House Servers.

Gone are the days of dial-up internet and cell phones with buttons for every letter of the alphabet. Neither dial-up nor the Blackberry makes sense in 2023, and frankly, neither does the in-house server. The current era of business demands that your data and software be readily accessible; cloud hosting is the best way to accomplish this. 

Cloud hosting is the process of storing your software and data somewhere other than the box under your desk that’s collecting dust.

It requires no more installs, re-installs, updates, or worries about backups. It allows you to work from anywhere, at any time, collaborate effortlessly with your team and professional service providers, and scale your operations –without the IT headaches. 

The cloud is safe and secure with built-in redundancies, managed IT (think firewalls and virus protection), and is part of a comprehensive disaster management plan, allowing you to eliminate the responsibility of managing it yourself while increasing the accessibility of your software and data.

Anything can happen in business — your server can crash, your office can flood, your back-up could be corrupted. Your financial data is the lifeblood of your business, and safeguarding it with modern technology like cloud hosting is essential.

When drones were first introduced to the consumer market, they were thought of almost exclusively as novelty tech toys. But they can have a surprisingly high impact on the success of some businesses, too! The flying robots can be controlled by a remote device and usually include a GPS and built-in sensors. Drones can be used to help companies:

• Access places that may not be safe for employees to go
• Increase efficiency and productivity while decreasing workload and costs
• Improve accuracy
• Gather information for pricing estimates, such as roof repair
• Inspect items, such as a tree’s disease progression
• Monitor systems or the status of certain things, such as landfill fire risks
• Photograph items or locations from an aerial view for use in marketing or record documentation

Many industries have begun routinely using drones, such as:

• Forestry
• Agriculture
• Construction
• Waste Management
• Environmental
• Disaster Relief Services
• Professional Photography and Cinematography
• Real Estate
• Advertising
• Event Planning
• Highways, Traffic, and Road Safety

Rules for Drones

Before you fly your new drone, there are rules you’ll need to follow. The FAA (Federal Aviation Administration) has set the rules for flying drones safely. There may also be legislation passed at the state and local levels that you’ll need to check on.

When using drones for commercial purposes, you’ll need to register your drone, familiarize yourself with the operating rules for your type of drone, and pass a pilot’s test. Find out more here: https://www.faa.gov/uas

Cost of Drones

Drones can cost anywhere from $50 to $25,000 and more. A beginner recreational drone can cost under $100, while a beginner commercial drone can range from $300 to $500. A commercial drone typically starts at $1,000. Drone prices will vary depending on their size, features, and intended usage.

Incorporating drones into your business can be a great way to save time, increase efficiency, and reduce costs. Drones provide a unique insight into areas that may be difficult to access or monitor, and their capabilities are ever-expanding. With careful consideration and research, drones may be able to provide an invaluable resource to your business and give you a competitive edge.

If you keep any kind of digital information in your business, you have a chance of becoming a victim of a cybercrime. The odds have increased exponentially during the pandemic, with more cyberthreats and scams floating around than ever before. Here are some ways to reduce your chances of getting attacked.

Social Engineering

Social engineering is when thieves try to get your employees to provide confidential information via a phone call or email. You can reduce your risk here by developing procedures and training any employees that take customer phone calls for the business. Require them to ask for identifying information such as a pin or code, or simply prevent them from giving out any information over the phone.

Passwords

Passwords are terribly inconvenient but incredibly necessary. Almost everyone is guilty of using passwords that are simply too easy to guess. Here are some password tips:

1. Avoid using dictionary words, even if the syllables are broken up in the password.
2. Always use a combination of upper and lower case, and don’t just make the first letter uppercase which is too predictable.
3. Include special characters, and don’t just use the exclamation point.
4. Use separate passwords for everything, especially for banking apps, accounting apps, and social media apps which are frequently hacked.
5. Make your passwords at least 12 characters.  Better yet, utilize a password vault app to generate secure passwords.

Receiving and Delivering Information

If you deliver or receive information, it should be done safely and securely. One way to do this is to use a customer portal such ShareFile or SmartVault, where the information is securely stored in the cloud. Another tool to safeguard information delivery is encrypted email.

Anti-Virus

All computer users should have anti-virus software implemented and active on their devices, including tablets and cell phones as well.  Company procedures should dictate the settings as well as the brand to use.

Spam Protection for Email

Anti-spam software is also necessary to protect the device from bad links in emails.  Users should be trained to detect and avoid phishing emails.

Malware Protection

Malware can be installed on your computer without your knowledge and if you are not careful.  To protect against these threats, avoid file-sharing when possible, be careful when visiting unknown websites, don’t download software that you don’t recognize, and be careful with links in emails.

You may also need to protect your website from malware attacks by installing a firewall or other preventative solutions.

Software Releases

Stay current with all of your software updates and upgrades. Updates and upgrades can patch vulnerabilities, so you are safer with each new installation.

Data in the Cloud

Make sure any data that you have in the cloud is behind an acceptably secure technology solution.  Today, this generally means files are stored with AES 256-bit encryption. You can also look for SOC1 and SOC2 certifications.

Need to Know

There are many policies that need to be developed for employees with regard to data handling. One example is providing data access to employees on a need-to-know basis.  For example, an operations manager does not need the password to the payroll system, but the payroll manager does.

Reducing Business Risk

These items above are the tip of the iceberg when it comes to having good data security practices in your business. Develop an excellent set of policies, train and monitor employees, and set a great example yourself when it comes to this growing threat to your business.