What is a Phishing Attack?

Topics: Agent Resources Cyber Liability

Are you leaving agency and client data in unsafe waters where cyber criminals are known to phish? With more and more businesses falling victim to cybersecurity attacks, learning how to prevent a data breach is essential to maintaining a good reputation – and for avoiding thousands of dollars in damages.

What is a Phishing Scam?

Phishing is a scam in which an identity thief pretends to be someone else, typically through an email or phone call, in order to gain your trust and obtain your financial or other sensitive data. If you don’t close the loop on your company’s vulnerabilities, you may be baiting the hook the cyber crooks use to catch you unaware and reel in your valuable, sensitive data.

How Cyber Thieves Use Phishing Scams to Steal Sensitive Information

In the old days, phishing emails often came from a faraway place, with the promise of millions of dollars. These days, identity thieves have gotten smarter. Modern phishing emails or phone calls usually appear to come from a well-known company that many people do business with, such as your bank or a popular software company.

Or, you may receive an email from your credit card company or bank saying there’s a problem with your account. The email looks similar to the ones you’re used to receiving from your bank. You want to take care of that problem right away, so you click the link and are taken to a website that looks just like the bank’s website. Then you log in. Unfortunately, this isn’t your bank’s website, and you’ve just given your username and password to an identity thief.

Phishing scams can appear to come from any company, big or small. All an identity thief needs to do is copy an email template and create a look-a-like website – or sound like an IT representative on the phone.

How to Recognize Phishing Scams

What is a common indicator of a phising attempt? A few of the telltale signs that you may be the target of a cybersecurity attack are:

Private or secure information is requested
Most companies won’t ask you to provide private or secure information from within an email or during a call they made to you. If they do, don’t trust the email or caller. Call your bank and talk to your banker about whether the call or email is legitimate.

The links in a phishing email aren’t valid
Always check links before clicking on them. Slide your mouse over top of the link, and check the address that pops up or appears in the status bar. If the link doesn’t go to the company’s official site, don’t click.

They require the information immediately
Even if you trust the email or phone call, don’t provide any information there when they request it. Instead, open your browser and go directly to the company’s site, rather than clicking the email link. If it’s a phone call, hang up and call the company back using the phone number from their website or your latest statement.

Protect Your Clients with Cyber Liability Insurance from AmTrust

Cyber liability insurance provides a variety of services to address the modern day risks and threats of business identity theft and data breach. If you have questions about cyber liability coverage, please talk to your AmTrust-appointed agent, or contact us directly.

Barbra Merwin is SVP at AmTrust North America, a multi-national property and casualty insurer specializing in coverage for small businesses. Please visit our website for more information on cyber liability plans and small business insurance coverage. Or, check out the PolicyWire blog for more helpful topics about cyber liability . This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors.

Time Zones