Countless companies and individuals are vulnerable to phishing because of how the attack is done. It usually involves sending an urgent email or text message purportedly from a legitimate source like your bank, a client, or even Amazon. It then lures the receiver to click on a rogue link or download an attachment. From there, it starts a chain of events depending on the goal of the hackers — from infecting your system with malware to stealing your passwords and other personal information.
According to the Federal Bureau of Investigation (FBI), cybercriminals amassed over $1.2 billion in 2018 by compromising legitimate business email accounts through social engineering to conduct unauthorized wire transfer payments, more specifically, the purchase of gift cards. Victims received spoofed emails, phone calls, and text messages to purchase multiple gift cards for personal or business reasons. This spiked the incidence of business email compromise (BEC) and email account compromise (EAC) complaints received by the FBI.
One in 25 branded emails is a phishing email and 30% of phishing emails bypass default security measures. And because data breaches can cost millions and easily upend your business, it’s important to conduct phishing awareness training for your employees.
Let’s help you start a cybersecurity awareness training program with these suggestions:
Define the threats
Knowing the types of phishing scams (with rather catchy names) is essential. It gives employees an idea on the types of phishing they might potentially encounter. Here’s a quick look at seven of the most common ones:
- Deceptive phishing – This is the most common type where attackers fake a legitimate company’s official correspondence to steal personal information.
- Spear phishing – This targets specific individuals or companies by using their personal data usually found on social media sites.
- Whaling – This uses the identity of the CEO or a top executive into fooling an employee into giving their personal information.
- Malvertising – Short for malicious advertising, this type uses malware ads so hackers can gain access to their victim’s sensitive data.
- Smishing – Cybercriminals send text messages (SMS) with a malware link that steals your data.
- Pharming – Attackers directly target the domain name system (DNS) server and change the IP address. They then redirect victims to malicious sites even after the latter type in the correct website name.
- Vishing – With fake caller IDs, cybercriminals use Voice over Internet Protocol (VoIP) to trick victims into revealing personal information.
Encourage proactive behavior
Start easy and effective habits when checking emails and messages.
- Check the sender’s name carefully. Hackers typically use visible alias spoofing by having only the sender’s name visible but not the email address. Mobile users are especially susceptible to this but so are desktop users if they tend to open emails without giving the sender information a second thought.
- Note the tone of the subject line. Cybercriminals commonly use enticing, urgent, and even threatening subject lines to force the victim into prioritizing these emails.
- Be mindful of grammar. Spelling or grammar errors should be cause for concern, especially with professional correspondence.
- Hover your mouse over all links before clicking them to see the pop-up that displays the link’s real destination. Links can also be included in an attachment so be cautious of that as well.
- Report potential scams to your company and IT department as soon as possible. Do not forward them to others. This minimizes the likelihood of other employees falling victim to phishing scams.
Make it a standard
Security awareness training should be a continuous process. Regularly simulate phishing attacks and send them updates on new phishing techniques so that your employees are always on their toes against real-world threats.
It’s also best to partner with a managed IT services provider (MSP) that offers advanced security solutions. With a reliable MSP and your well-trained employees, you can keep your business out of harm’s way.
Cyber Shift Technologies can manage your email security configurations to prevent viruses and phishing scams from breaching your organization’s data. Call us today to learn more!