 Wait, nearly don't click on that link. We are here to share how to protect your business from phishing scams. Believe it or not, 88% of businesses around the world experienced a phishing scam last year. But there's a difference between an attempt and a successful attack. 65% of organizations in the United States experienced a successful phishing attack and 19.8% of employees clicked on phishing email links. And it's the most common way to cause a breach. So what exactly are phishing scams? Well, it's an attempt by an outside organization to get in and steal your personal information for financial gain. And this is pretty severe. I mean, it's cost just in the US alone in one year, roughly half a billion dollars. The overall term for these scams, phishing with a pH is a modified version of phishing with an F. Except in this instance, the only one doing the phishing are the crooks. And they're really trying to catch you and reel you in with their sneaky email lure. So being able to avoid their bait is a very important skill for all internet users. And if you're running any aspect of your business online, if you get caught, it'll cost you. Now let's talk about what type of phishing attacks there are. And now the methods that these scam artists are using are constantly becoming more sophisticated, which is why it becomes so dangerous. Now, while email is still the large focus for attackers, it's important to note that with the rise of mobile social media, social media is happening there too. And hey, some attacks are easy to spot. A Twitter bot sends you a private message containing a short new URL that leads to something, some type of bad malware, or maybe even like a fake request asking for your payment details. But it can be a little bit more complex as well. And then there's SMS phishing and my probably my new favorite term, submission. The attack works in kind of the same way that an email does, presenting the victim with a fraudulent offer or a fake warning as an incentive to click through the malicious URL that's usually hidden in the form of something's familiar. So you might be wondering, how can I spot a phishing attack? Well, at least I hope you're wondering that since it is such a common problem. There's actually plenty of resources online to help you. There was even a popular phishing attack that was so bad that PayPal even addressed it on its own website and showed off popular ways of figuring out whether the email is a phishing email or a legitimate one coming from PayPal themselves. So here are some things to watch out for. No email is going to be sent from a public domain. So for example, if you see an email come through from a business at gmail.com, you should be suspicious. So if the domain name, the part after the at symbol matches the business name, it's probably legit, but you could also go ahead and pop that domain name into a search engine to do a double check. Now this makes detecting phishing seem, I don't know, easy, but trust me, the attackers have a lot of tricks up their sleeve. Another clear way to see if a an email or some other variation is a phishing attempt is to check to see if the domain name is misspelled. Like if something is being sent from Google and it has a couple extra O's or a three for the E, it's probably not coming from Google. And the problem that anyone can buy a domain name makes this a little bit unique. So again, going back to Emma's point of checking on the search engine to see what that what that company's domain actually is is a surefire way to see if the email that you're getting sent is legitimate or if it's just another one trying to bait you in with their lure. Also, keep an eye out if the message is poorly written. Look for spelling errors, grammatical errors. Oftentimes the emails are coming from non-english speaking countries where they just don't have the ability to learn the language. So with this in mind, it becomes easier to spot a typo that's coming from a legitimate sender, burst and attacker. And it's your responsibility to look at the context of that message to determine if is in fact someone phishing. A lot of phishing emails or attacks will include some type of suspicious attachment or links. No matter how the phishing scams are attempted, they'll all contain a payload either an infected attachment asking you to download to your computer where it can run a muck or a link to a bogus website. The purpose of these payloads is to capture sensitive information such as your login credentials, credit card details, phone numbers and account numbers, anything that they can get their hands on to then get access to other sensitive information like a bank account. So to ensure that you don't fall for this, you're going to need to train yourself to really look at the links. And there are some tricks. You could go ahead and hover over the link if you're on your computer and the actual address will pop up so you can see, OK, where is this going to go? And on a mobile device, you can actually hover over the link and push down and it'll pop up and you can see there as well to then determine is this legitimate or not. Exactly, and a great surefire way to kind of spot to see whether the phishing attempt is valid or if it's legitimate email is to see if the message creates a sense of urgency. Scammers know that most of us procrastinate. We receive an email, given us important news, and we just decided to just deal with it later, read it later, just mark is read and never remember it like me. But the longer you think about something, the more likely you are to notice that things don't seem right. And that's why so many of these scam requests have that urgency and it's to get you to act now. So if you see something like, hey, your password is expired, you must log in with the next three hours to reset it or your Microsoft key is invalid. You have until three a.m. to activate it, whatever it might be. Those are surefire ways to see that this is actual a phishing attempt because most of the time the emails that we receive aren't that time sensitive. So just being suspicious, being alert is a huge step forward to protecting yourself from potentially being phished. Now, Emma, what should you do if you receive this phishing email? Great question, Nealy. Report it. Absolutely report it. And the good news is most email clients give you a really simple way to flag or report a suspicious email. But Emma, what happens if you accidentally clicked on the link of the email? All right. Well, Nealy, whoops, you clicked on the link. They would say, go ahead and absolutely reset the password to anything that was compromised and strongly encouraged that you have a two factor authentication where you're sent a one time code. It's just this added layer of protection. Highly recommended. You can really never be too cautious when it comes to phishing scams and because these are born out of vulnerabilities, if one hacker finds a situation that can be exploited, they are going to do so. And it's easy to get complacent with cybersecurity, but the stakes are too high to get complacent. So SMBs need to be attentive to protect their assets and their reputation. These tips are surefire ways to see if it is a legitimate request or if it's just a phishing attempt. And if you've learned anything in this video or just had fun watching, make sure you give us a like and drop a comment below. And be sure to subscribe so you know when our next video comes out. Thanks for tuning in. This is the journey.