
Don’t Click that Sh!t: 2023 Cybersecurity Tips for Small Businesses

We’ve heard more than a few horror stories in the past few months of business owners falling for phishing scams that compromise their company, cost them thousands of dollars, and put their customers and contacts at risk. Hackers are getting more sophisticated by the day, and it’s becoming harder to tell a malicious threat from an ordinary email.

We share this insight to empower, not scare. The good news is that most threats are avoidable with a vigilant eye. In 2021, think of a phisher as more of a vampire than a heister: you have to invite them in before they can cause any harm. Below, we’ve pinpointed a few common threats for 2021 and 2022, along with the best ways to avoid them. These suggestions should help keep your sensitive data secure from current phishing trends.

Common Threat 1: QuickBooks Impersonation

One common trend we’re seeing involves solicitations from QuickBooksⓇ impersonators falsely notifying you that your QuickBooksⓇ file is corrupt, your automatic payment is about to expire, or your version of QuickBooksⓇ needs to be updated. These phishers will try to get you to pay for a phony upgrade over the phone or grant them access to your desktop to “fix” your accounting software. Here’s the thing: if you work with an accounting company like New Business Directions, we’ll probably be the first ones to know if something is wrong with your QuickBooksⓇ file. And if you’re a New Business Directions customer, QuickBooksⓇ knows you’re working with a QuickBooksⓇ Solution Provider and will often notify us of any issues your account may be experiencing, too.

How to dodge the threat: If an email appears to come from QuickBooksⓇ, check the domain in the sender’s email address. If the address doesn’t end in “@Intuit.com” or “@QuickBooks.com”, the sender is fraudulent (even if the name before the @ symbol looks convincing). Always contact your accountant before engaging with a solicitation like this, and never provide payment information or authorize remote access to your computer or QuickBooksⓇ file to anyone besides your accountant or IT solutions provider.

Common Threat 2: Download this Attachment

Another major threat to watch out for involves an email that comes from an address you recognize (say, a customer, vendor, or team member) but asks you to enter your Microsoft credentials to view the attachment. This scam comes from a person you know, and their email address matches the one you have on file. The MicrosoftⓇ log-in screen looks legit, but the web address is not. Do not enter your Microsoft credentials. As soon as you do, the hackers have access to your email and all sensitive information you have ever sent or received via email. The phishers will then send the exact same email that you fell for to every contact in your address book.

How to dodge the threat: never enter your log-in credentials to view an attachment. If an email includes a hyperlink, hover over the link with your mouse (don’t click) and watch for a link preview to appear in the corner of your screen. In Outlook, this will be the bottom left corner. You’ll be able to see a preview of the web address the hyperlink is trying to send you to, and whether it’s different from the one typed out in the email. In this case, if the domain isn’t “office.com” the email is fraudulent. This is a fast and simple step you should always take before clicking a hyperlink in an email. And when it comes to sharing sensitive information like bank statements and government IDs, you should always use a secure, encrypted file sharing application like SmartVault instead of sending the document as an email attachment.
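The two checks described so far (the sender's domain from Threat 1 and the real destination behind a link from Threat 2) can also be automated, for example in a mail filter. The sketch below is an added example, not code from New Business Directions or any vendor; the allow-lists come from the domains named above, and the function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Allow-lists taken from the article's advice; adjust for your own vendors.
SENDER_DOMAINS = {"intuit.com", "quickbooks.com"}
LOGIN_DOMAINS = {"office.com"}

def domain_allowed(host, allowed):
    """True only for an exact match or a true subdomain of an allowed domain."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

class LinkCollector(HTMLParser):
    """Collects (visible text, real href) pairs: what hovering a link reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html, allowed=LOGIN_DOMAINS):
    """Links whose real destination host is outside the allowed domains."""
    parser = LinkCollector()
    parser.feed(html)
    return [(text, href) for text, href in parser.links
            if not domain_allowed(urlparse(href).hostname, allowed)]

def check(raw):
    """Return (sender_ok, suspicious_links) for a raw single-part HTML email."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    return domain_allowed(sender, SENDER_DOMAINS), suspicious_links(msg.get_payload())

# Constructed sample message for illustration (not a real phishing email).
SAMPLE = """From: "QuickBooks Support" <billing@quickbooks.com.account-update.example>
Content-Type: text/html

<p>Invoice: <a href="https://login.office.com.files-view.example/s">https://www.office.com/invoice</a></p>
<p>Help: <a href="https://www.office.com/help">Office help</a></p>"""
```

For the constructed sample, `check(SAMPLE)` rejects the sender (the address only contains "quickbooks.com", it does not end in it) and flags the first link, whose visible text shows office.com while the real destination does not. A From header can itself be forged or sent from a compromised account, so a passing sender check is a filter, not proof that the message is legitimate.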

Common Threat 3: “You Have a Voicemail” emails

Are you surprised to be receiving an email notifying you about a new voicemail? Does it have an attachment? Is the sender posing as RingCentral or another VOIP phone system provider you use? Remember: if it seems suspicious, it probably is.

How to dodge the threat: don’t download the voicemail. If you want to be sure you’re caught up on your voice messages, navigate to your voice mailbox the way you usually do and avoid interacting with the email in question.

Common Threat 4: The QR Code Swap

QR codes have become so mainstream that we interact with them weekly, if not daily. From restaurant menus to sign up forms, they make accessing the information you need quick and simple. But there are emerging trends in which bad actors will replace a QR code with their own – by overlaying a sticker. They may also come in the form of seemingly-legit emails. But as soon as you scan these phony codes, you could be putting your sensitive data at risk or downloading malware.

How to dodge the threat: Review the preview of the web address when you scan the code, and before you click on the link that appears. Make sure it’s spelled correctly, and seems like it’s coming from the correct person or business. When dealing with QR codes that exist in a public space, take a second glance to make sure the QR code hasn’t been tampered with, for example by being covered with a sticker. When in doubt: don’t scan that code!

Best Practices

There are so many ways to avoid phishing scams, but the most important thing to do is stay observant. If something seems off about an email, it probably is. Below, we’ve outlined a few specific best practices that should help you avoid scams:

    1. Don’t open the door for strangers. Never grant access to your computer to someone you don’t personally know, even if they look like a QuickBooksⓇ rep. Your accountant and your IT Support vendor/employee are the only people you should ever allow access to.

When in doubt, don’t click that sh!t

When it comes to cybersecurity, it’s always better to be safe than sorry. Be suspicious of communication that seems a little off. Avoid unusual emails and contact your IT security provider (or accountant, if it’s related to accounting) to ask for their insight right away, especially if you’ve already accidentally interacted with the phishing attempt. New Business Directions is well versed in phishing scams, and we have a keen eye for malicious emails. If you’re a current customer and feel unsure about an email or solicitation you recently received involving your accounting software, reach out to us.
