If there was an award for phishing scams…

Just yesterday I worked with a new residential client who fell for a phishing scam costing them just over $11,000. It was multilayered and very clever.

If anything ranks above every other way of protecting your data, it’s you. You and your team need to be aware of phishing emails.

What is a phishing email? It’s a wolf in sheep’s clothing: an email designed to look like an important (familiar) email you know and trust, with links, attachments, or phone numbers.

One of the best ways to stay protected is to stay informed.

There are three main themes of phishing emails: major, moderate, and minor.


Major themes

The big leagues. These are emails that look so convincing that you likely wouldn’t think twice about them. They’re usually finance-related and make up a whopping 54% of attacks. They often pretend to be invoices or payment requests designed to lure recipients into giving away sensitive financial information.

The “urgent” notification phishing emails make up 35% of attacks. They follow a “two-punch” formula: first a “the sky is falling” warning (some impending doom), then a clever call to action, like your password being about to expire or something similarly urgent.


Moderate themes

Phishing doesn’t have to be email only. Voicemail and document scams account for 25% and 38% of attacks, respectively. In the voicemail scam, they claim to be Microsoft (they’re not) and you call back. The document scam looks like a very real email from OneDrive or Dropbox, containing an infected file from someone you know who’s been compromised.


Minor themes

These are a bit less common but still pose a risk. They include emails about benefits, taxes, job applications, property, and things like that.


So why should you care?

I get it. It seems so obvious, right? That’s what the victim I met said yesterday. She thought she’d seen them all.

As she can tell you, falling victim to these scams has serious consequences, including financial loss, data breaches, and damage to the image of your business. It’s so essential to educate your employees about the dangers of phishing attacks.

We actually have phishing simulations where we send fake phishing emails to your employees. If they click our Outlook plugin to check if it’s a phishing email, a confetti animation shows. If they click on the phishing email or enter anything valuable, our warning (training) message comes up.

Can you see the theme here? Awareness is your best defense. You can safeguard your company’s valuable assets from cyber threats by staying informed, training your crew, and using strong security protocols.

If you’re not 100% sure that you and your staff are fully aware and protected, then please reach out. No strings attached. 🙂