New Business Direction LLC
We’ve heard numerous horror stories over the years of business owners falling victim to sophisticated phishing scams that compromise their operations, cost them thousands of dollars, and expose their customers to risk. Hackers are evolving rapidly, making it harder to distinguish between malicious threats and everyday emails.
Our goal here is to empower, not scare you. The good news? Many of these threats are avoidable with vigilance. Hackers are even craftier than before, and phishing schemes have adapted to exploit newer technologies. However, with a few best practices, you and your team can keep your data safe from current phishing trends.
Below, we outline some common phishing threats and offer ways to safeguard against them.
Common Threat 1: Impersonation of Accounting or Financial Software
Phishers continue to target users of popular accounting software, impersonating platforms like QuickBooks with claims such as “Your file is corrupted,” “Your payment method is expiring,” or “Your software needs an urgent upgrade.” The goal is to either convince you to pay for a fake service or grant them access to your system.
How to dodge the threat: Always verify the sender’s email address. Emails from Intuit or QuickBooksⓇ will end with “@intuit.com” or “@quickbooks.com.” If you receive a suspicious email, permanently delete it. Do not provide sensitive information or remote access to anyone unless they are a trusted, verified partner.
Common Threat 2: The Rise of AI-Assisted Phishing
Hackers are now leveraging AI tools to generate phishing emails that mimic legitimate communications. These emails may come from familiar addresses or look nearly identical to a colleague’s typical correspondence, including personalized details that make the email seem even more credible.
How to dodge the threat: Never click on links or download attachments from unexpected emails, even if they appear to come from trusted contacts. Always hover over links to preview the URL and verify its legitimacy. AI tools are being used both by hackers and cybersecurity experts, so staying ahead of phishing trends is more important than ever.
Common Threat 3: “You Have Voicemail,” “Urgent Invoice,” and “Thanks for Your Purchase” Emails
While voicemail and invoice phishing schemes aren’t new, hackers are increasingly using these tactics to create a sense of urgency. You might receive an unexpected email about a voicemail or invoice, often from a service you don’t use. In addition, we’ve seen emails alerting you to free prizes – you’ve won a free trip – with a link to click to claim your prize.
Lastly in this category, there is a new strategy in which phishers send “confirmation” emails suggesting that you’ve made a subscription purchase, going so far as to even include a pdf of a phony receipt.
How to dodge the threat: If something feels off, it probably is. Never download an attachment or follow a link without verifying the source through another channel. Call the service provider directly to check whether they sent the email, and always be wary of “business” emails that end in @gmail.com, @yahoo.com, etc.
Common Threat 4: The QR Code Swap
QR codes have become a ubiquitous tool, especially in restaurants and retail. However, phishers now use QR codes to disguise malicious URLs. They may overlay fake QR codes in public spaces or send phishing emails with QR codes that link to compromised websites or malware.
How to dodge the threat: Before scanning a QR code, double-check its placement and ensure it hasn’t been tampered with. After scanning, review the web address that appears and make sure it’s legitimate before clicking. If something feels suspicious, don’t scan the code.
Common Threat 5: Social Engineering on Social Media
Phishing attacks are increasingly moving to social platforms like LinkedIn and Facebook. Hackers may pose as recruiters, customers, or industry professionals to extract personal information or trick you into downloading malicious files.
How to dodge the threat: Be wary of unsolicited messages from strangers on social media, especially those requesting personal details or sharing links. Always verify the identity of anyone asking for sensitive information and avoid clicking on unknown links shared via direct messages.
Best Practices: Staying Secure in the Age of Evolving Phishing Tactics
While phishing techniques continue to evolve, the core defenses remain the same: vigilance, awareness, and caution. Here are some key best practices to follow:
- Set up multi-factor authentication (MFA): Use MFA wherever possible. This could involve receiving a code via text, email, or through an authenticator app like Google Authenticator. MFA adds an extra barrier for hackers, making it far less likely they’ll succeed even if they gain access to your credentials.
Use strong, unique passwords: Password management apps like LastPass or 1Password can generate complex passwords and securely store them. Avoid reusing passwords across different accounts. - Stay informed on new phishing tactics: Cybercriminals are constantly adapting. Subscribe to trusted cybersecurity news outlets like PCMag, Forbes, or TechCrunch to stay updated on the latest phishing techniques.
- Train your team: Cybersecurity isn’t just an IT responsibility—it’s an organization-wide effort. Conduct regular phishing simulations and training sessions to ensure that your employees recognize suspicious activity and respond appropriately.
- Don’t open doors for strangers: Whether in person or online, never allow someone to access your computer or accounts unless you have verified their identity through an established and trusted channel. If in doubt, don’t engage.
- Verify email senders: Always check email addresses carefully. A small typo or strange domain could indicate a phishing attempt. Cross-check with trusted sources if something feels off.
- Use secure file-sharing methods: When sending or receiving sensitive information, avoid doing so via email. Use encrypted file-sharing services like SmartVault or similar tools.
- Trust your instincts: If something feels off, don’t proceed. Whether it’s a weirdly worded email or a strange request, your gut is often a good first line of defense against phishing attempts.
It’s more important than ever to remain cautious and aware of evolving cybersecurity threats. Phishing is becoming more sophisticated, but by staying alert and following these best practices, you can protect your business and personal data from harm.
If you’re unsure about an email or solicitation, especially related to your accounting software, reach out to us. We’re always here to help!
Running a business can feel like a whirlwind of responsibilities! Time is a precious resource for entrepreneurs, and taking shortcuts can be tempting. However, there’s one shortcut we really recommend against: sharing sensitive documents like bank statements, financial reports, tax forms, and more over email.
When safeguarding your valuable information (and that of your customers!), prioritizing security is essential. With cyber threats constantly evolving, email is an increasingly vulnerable method for transmitting confidential data. How should you be sharing your sensitive documents instead? By embracing secure document-sharing portals.
Document-sharing portals like SmartVault employ state-of-the-art encryption techniques to prevent bad actors from accessing your information. They can streamline your workflows, save time, and reduce errors. Most have user-friendly, intuitive interfaces, too, making it easy for you and your team to implement the new tech successfully.
Portals don’t just benefit you and your business, however! They can benefit your customer relationships, too. Adopting a portal can demonstrate a commitment to protecting your customers’ data, safeguard your reputation, and help you comply with data protection regulations.
While attaching a file to an email may feel more convenient in the moment, the tradeoff could be catastrophic. Instead, by taking an extra step to secure your documents, you’re investing in the long-term success of your business. We, as accountants, cannot overstate the importance of robust data security, and we encourage you to embrace the convenience and peace of mind that secure document-sharing portals provide!
Do you have a lot of customer service inquiries in your business? If so, it can be a challenge to manage them all. Being responsive with customer service can make all the difference in your company’s success, so it makes sense to take a look at some tools that can streamline the process.
The most common solution to automating customer service inquiries is to implement a ticket management system, which is also called help desk software. Some of the things that are important to consider include:
- How fast you can respond to a customer
- How well you solve the customer’s problem
- How to track a customer’s issue if it has to be open for a while before it can be solved
- How to do all of this in a cost-effective and efficient, yet friendly, manner
These days, an inquiry can come from a multitude of places:
- Phone calls and voice mails
- Emails
- Text messages
- Social media accounts, for all the platforms you have a business presence
- Posts, replies, and comments
- Messaging
- Any other methods you have set up in your social accounts
- Chat feature on website
- Snail mail
That’s a lot of inputs to organize. When they can all be fed into the same system, you have just unified your messaging input and taken a giant step toward organizing all of these moving parts. A good ticketing system will accomplish this, and the feature you want to ask for is multi-channel accessibility.
Keeping your customer service costs low is another factor, and one way to accomplish that is to help users self-serve and solve their own issues when they can. This requires a robust knowledge base feature. A knowledge base is a set of how-to articles and videos of the most frequently asked customer service questions.
Here are a few very basic topics to consider including in your knowledge base:
- What forms of payment do you accept?
- What is your shipping policy?
- How can I get help if I need it?
- What is your return/refund policy?
- What is your privacy policy?
- What is your guarantee?
- Is my data secure with you?
- How do I update my credit card/address/phone/email?
- When will my items arrive?
- What licenses do you have?
- What are your hours?
- Do you have hours for seniors?
- How do I login?
- How do I access my digital items?
- What are your covid-19 policies for your employees? For customers?
- Are you hiring? How do I apply? What are your employment policies?
A good ticket system will also have the ability to customize the ticket, the customer service agents, the customer records, and the other important parts of the system. For example, you may want to set up your own status items for each ticket. Open, assigned, active, hold, and complete are typical status types, but you may need another one.
The workflow must also be considered in a ticket system. How does a typical ticket flow through your business, and can the system replicate that flow.
Other important features of a ticket system include:
- Support for multiple languages
- Customer response to tickets, as well as customers can view status of their tickets
- Uptime of system – service-level agreements
- Tracking, such as number of open tickets, tickets on hold, and the like
- Reporting metrics, such as wait time, ticket servicing time, and number of tickets handled by each agent
- Ticket tagging and categorizing
- Feedback loop for customer suggestions of product improvements
- Ease of use for customers and agents
- Notifications
A few of the most popular ticket management systems include:
- Zendesk
- Freshdesk or Freshservice by Freshworks
- Zoho Desk
- HubSpot Service Hub
- Salesforce Service Cloud
- LiveAgent
There are literally hundreds of technology options for any size business.
If you want to take your customer service to the next level or just want to get more organized, consider looking into these ticket systems.
