In 2019, the losses for business email scams sat at $1.7 billion, according to the Internet Crime Complaint Center (IC3).
With cybersecurity risk at an all-time high, there is no room for a financial blow caused by the simple click of a malicious link in an email.
So, how can you avoid falling victim to cyber-attacks? The first step is educating your team on how to avoid email phishing and what red flags to look out for. Below are some tips to include when training your employees about phishing; but first, what is phishing?
what is phishing?
Email phishing is a cyber-attack in which a hacker uses email to gain sensitive data or personal information. The hacker often does this by posing as a trusted source or business.
Typically, the hacker starts the scam with research on the internet. Although there is not much that can be done to avoid someone researching you, there are ways to avoid getting directly scammed—and therefore, to avoid huge financial loss as a result.
signs of a BEC scam
The FBI lists the primary ways a business email compromise (BEC) can occur in a company. Employees should know these identifiers well enough to recognize a BEC scam automatically.
The list of elements to be wary of includes:
- Spoof websites and email addresses
- Spear phishing emails (i.e. when an email poses as coming from a trusted sender)
- Use of malicious software that can gather information
- False invoices
- Data theft
- Account compromise
- Attorney impersonation
- And more
red flags in an email
Now that we’ve discussed what phishing is and the signs of a BEC scam occurring in your company, let’s dive into what red flags suspicious emails might contain.
There are many red flags to educate your team on. Some of the common features of phishing emails include:
- “Too good to be true” offers: These are exactly what they sound like. One example is the common scheme of “you’ve won a FREE iPhone!”
- Sense of urgency: The email claims that a deal or offer is going to expire soon; this is often seen in the subject line of an email claiming to be “URGENT.”
- Hyperlinks: Links are often used in phishing attacks. A hyperlink typically looks like it points to a real website but may have one letter off, leading to a fake website.
- Attachments: Attachments are also something to look out for. A good recommendation is not to click on any attachments or unexpected emails.
- An unusual sender: This might seem obvious, but it’s important to update your team on who might be emailing them to avoid clicking on emails that aren’t internally sent or from clients.
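The “one letter off” hyperlink check above can also be automated at the mail gateway or in a training exercise. The following Python sketch is an added example, not part of the original article; the `TRUSTED` allow-list, the function names and the sample email body are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allow-list: domains your organisation really does business with.
TRUSTED = {"example.com", "example-bank.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' (one letter off) or 'unknown'."""
    host = (host or "").lower().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        # Compare only the trailing labels, so login.examp1e.com is still caught.
        tail = ".".join(host.split(".")[-(t.count(".") + 1):])
        if edit_distance(tail, t) == 1:
            return "lookalike"
    return "unknown"

class _Hrefs(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def review_links(html_body):
    """Map every link host in an HTML email body to its classification."""
    parser = _Hrefs()
    parser.feed(html_body)
    hosts = (urlsplit(u).hostname for u in parser.hrefs)
    return {h: classify_host(h) for h in hosts if h}

# Constructed sample email body with two lookalike links and one genuine link.
SAMPLE = ('<p>URGENT: <a href="https://login.examp1e.com/reset">reset password</a> '
          '<a href="https://www.example.com/help">help</a> '
          '<a href="https://exmple-bank.com/pay">invoice</a></p>')

if __name__ == "__main__":
    for host, verdict in review_links(SAMPLE).items():
        print(f"{verdict:10} {host}")
```

A “lookalike” verdict is a reason to quarantine or report the message; an “unknown” host is simply outside the allow-list and still needs human judgment.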
additional training requirements
Aside from informing your team about the common phishing email features listed above, you must set clear policies and expectations regarding email scams.
The policies you put in place should eliminate your company’s risk of an information security breach. For example, the policy on sharing passwords and credit card information should be unassailable to hackers.
If your company is already performing larger cybersecurity training due to the rise of scams, additional security training on BEC scams should be easier to include.
be careful what you post on social media
Lastly, we have to mention social media.
Social media is typically part of all businesses’ marketing strategies. If an employee is providing too much information about the office on social media, a hacker might be able to pick up on schedules and patterns of the company.
For example, if an employee is frequently posting about the company having a retreat or week off, this could make a hacker’s job much easier, so be mindful.
a final word
The steps you take internally in your company to protect your data can dramatically reduce your insurance coverage costs when it comes to cyber liability insurance.
Is your business properly insured against cyber attacks? And do you know how much this insurance should be costing you? Read on to learn the main factors that will affect the cost to insure your business.