A new type of internet scam is hitting companies and merchant accounts – "phishing" attacks. These strikes are a savvy combination of social technologies and identity theft that manages to trick people into revealing private details.
Unfortunately, it's really rewarding for fraudsters. Phishing attacks cost companies from those with low risk to high risk merchant accounts over a half-billion dollars yearly, with almost 76 percent of organizations victimized using a phishing scam. With nearly 1.5 million new phishing websites established annually, phishing attacks are on the upswing.
The good news is that ecommerce and high risk merchants do not need to be a casualty of these strikes and should understand what to search for, who is at risk, and the action to take to stop them.
How does phishing work?
Phishers have multiple tricks up their sleeves to con customers and businesses. Here's an overview of what these tactics are and what to look out for:
Fake Emails, Texts, and Calls
In the most typical phishing scam, fraudsters contact individuals, merchants, or business owners and present themselves as an authority figure from a legitimate business. The fraudster then attempts to get the victim to reveal confidential information – such as passwords and account numbers.
Fake Checkout Pages
Hackers can add malicious JavaScript snippets to advertise pages in WooCommerce, Magento, PrestaShop and other ecommerce platforms. Assuming that the customer goes and clicks into a website's checkout page, the script redirects them to a malicious website.
URL Modification
Fraudsters know that only a few vigilant customers do actually focus on the links they click. To counter that action and protect against detection, fraudsters produce more secure-looking (but still fake) URLs — generally sites that are pretty equal to the true URL, besides a few small, barely noticeable changes — to lure clients to click.
PayPal Account Suspension
Since many retailers use PayPal to conduct business, a suspended or restricted account might lead to a serious loss in revenue. Merchants, including both low and high risk merchants alike, are required to receive notice if they get an email that warns that their PayPal accounts will be more restricted because of odd activity.
Who's Most Likely to Become a Victim of Phishing?
Phishing attacks continue to grow, simply because it's working. Consumers and merchants have difficulty distinguishing fake communications from real ones, especially if they appear to come from a trusted source, like a buddy or a supervisor.
PhishLabs reported the financial industry was the hardest-hit target in second-quarter of 2017, receiving 33 percent of malware dangers, followed by web and online services (22 percent), payment services (16 percent), cloud storage/file hosting (10%), and e-commerce (7 percent).
Merchant Services Companies
Fraudsters also target businesses that process credit card payments for retailers and those who have merchant accounts because they understand that compromised balances are extremely prone to have funding available.
How can merchants protect themselves and their customers?
Create a Master List of Account Numbers: Compile all seller account sums into an individual file. Before workers open any emailed invoice, compare the account number in the email together to the master list.
Examine the Sender's Email: Even if the email seems like it's originating from a known sender, employees have to put their mouse over the name to confirm that it is coming from the correct email account.
Watch the Tone: When the tone of the email appears unusually aggressive or sterile, don't respond – delete the email and proceed.
Teach workers: Some companies will phish specific workers, sending out emails that look as though they are from coworkers or outside collaborators and document the names of other people that opened it. Take care to educate individuals who are duped by the fake phishing emails and explain the consequences of sharing sensitive information.
Leveraging Technology to Ensure Security
While preventing malware attacks generally involves a healthy dose of common sense, it does not mean technology is not crucial for protecting your company against fraudsters. Shield the merchant accounts that you've worked so hard to build by using a strong fraud detection solution, which uses innovative artificial intelligence to accommodate exceptionally trained analysts. The final result are fewer untrue declines and chargebacks and more approved earnings.