An international hacker was recently found to have more than 10,000 stolen debit and credit card numbers. So, clearly, phishing – the practice of tricking someone into giving bank or credit card information – is rife and plenty of people are falling for it. Many businesses issue staff with credit cards to pay for work expenses. But don’t assume everyone who works in your small business is too smart to be taken in by the corrupt come-on of some creep who slips past your email filters. Phishing messages can be slyly convincing. The website that a phisher’s email links to will have an address (URL) that is similar to but not the same as a real bank's or financial institution’s site. For instance, if the real site is at 'www.yourbank.com.au', the scammer may use an address like 'www.yourbank.com.au.log107.biz'. The fake site may be stamped with logos indistinguishable from those on the real site. Here are seven tips to help counter the slippery threat of phishing with protection, detection and correction.

2. Seven steps to avoid being 'phished'
An international hacker was recently found to have more than 10,000
stolen debit and credit card numbers. So, clearly, phishing – the practice
of tricking someone into giving bank or credit card information – is rife
and plenty of people are falling for it.
Many businesses issue staff with credit cards to pay for work expenses.
But don‟t assume everyone who works in your small business is too smart
to be taken in by the corrupt come-on of some creep who slips past your
email filters. Phishing messages can be slyly convincing.
The website that a phisher‟s email links to will have an address (URL) that
is similar to but not the same as a real bank's or financial institution‟s
site. For instance, if the real site is at 'www.yourbank.com.au', the
scammer may use an address like 'www.yourbank.com.au.log107.biz'.
The fake site may be stamped with logos indistinguishable from those on
the real site.
Here are seven tips to help counter the slippery threat of phishing with
protection, detection and correction.

3. 1. Use anti-phishing staff training programs
One way to prevent the potential financial harm that can be inflicted
by phishing attacks is to train your staff to understand phishers‟
manipulative „head hacking‟ antics. Software training programs
include PhishGuru and PhishMe, which is a phishing simulator that
boosts awareness of the sophisticated tactics used by hackers
looking to compromise your firm‟s data and systems.
2. Take a cross-platform stance
You need to raise your game as criminals grow smarter, says the
cyber safety expert for the security firm Trend Micro, Aman Chand.
Attend to all the internet-connected gadgets your business has
because you need multi-device protection, Chand says. Besides
Trend Micro, McAfee, Symantec and Webroot can offer protection
for all your devices.

4. 3. Remember your mobile
Ensure your staff do not leave mobiles unguarded, Chand says. Just
locking up a mobile with a password will no longer do. Mobile devices
need proper security software, which is available from all the big
antivirus firms, from Trend Micro to Avast!, McAfee and Norton.
Mobile is the new frontier for cybercriminals, according to Chand. In
2012, Trend Micro research showed cybercriminals were increasingly
targeting mobiles with phishing attacks. Chand highlights the plight
of the popular mobile platform Android. During its first three years
Android has faced the same number of global threats it took the
personal computer platform 14 years to rack up.

5. 4. Shun that attachment
Three quarters of all spam attachments are malicious, according to
Trend Micro research. Make sure your staff understand that if they
have doubts about an attachment they should not open it, because it
could be the gateway to your system a hacker seeks. Carelessly click
an attachment and if you are unlucky the business may be deluged
with spam. Worst case: your computers could become an open book
to a shyster intent on stealing your business‟s information.

6. 5. Run scanners
According to a security advisor for AVG Technologies AU, Michael
McKinnon, while old-school phishing attacks take credentials
under false pretences, others just infect your computers by
exploiting any detected vulnerabilities – lapses like out-of-date
or non-existent anti-hacker software.
Prevent infection, McKinnon advises, by running an anti-virus
scanner on all your computers. Vitally, it will ensure that any
known malware is detected before a rogue program executes and
takes hold of the computer.
Another tool, link-scanning software, gauges web pages‟ content
before they are opened, checking if they have been compromised.
If so, the software blocks the shady pages, which may carry code
designed to exploit the machine.

7. 6. Build an arsenal
Be thorough – combine multiple layers of anti-virus and anti-
spam technologies that are always turned on and updating
automatically. Your business‟s defensive arsenal should include a
firewall, anti-virus detection and anti-spam capabilities. Besides
AVG, popular and powerful defence brands include Avira,
Kaspersky, Ad-Aware and Spybot.
Together, your defences will shield your business from harm by
addressing different and sometimes overlapping areas of concern.
Consider upgrading your hardware if your business has clunky
computers that cannot run all the safety mechanisms. McKinnon
says: “Don‟t forsake your own security just so you can squeeze the
last drops from your old computer.”

8. 7. Change your passwords
Change login details as soon as a phishing attack occurs. Make sure
all staff use complicated passwords. Passwords should be strong,
long and secure. Have a policy so that staff use a mix of uppercase
and lowercase letters, symbols and numbers.
If you follow these steps, you should reduce the risk of your
business being phished or minimise any damage.
The effort has to be worth it because phishing is a nasty, devious
crime. Besides draining your business of valuable cash, it will leave
you feeling foolish and violated. If you relax and just hope it
doesn‟t happen to you, it may well be just a matter of time before
someone in your company is suckered.