In 2019, the FBI’s Internet Crime Complaint Center (IC3) reported that losses from business email scams sat at $1.7 billion.
With cybersecurity risk at an all-time high, there’s no room for a financial blow caused by a malicious link clicked in an email.
One of the first steps to avoid email phishing is educating your team on what red flags to look out for. Here are some tips to include when training your employees about phishing.
What is phishing?
Email phishing is a cyberattack where the hacker targets email to gain sensitive information. The hacker often does this by posing as a trusted source or business.
Typically the hacker starts the scam by researching on the internet. There is not much that can be done to avoid someone researching you, but there are ways to avoid getting directly scammed (and avoid huge financial losses as a company as a result).
Signs of a BEC scam
The FBI lists the main ways a Business Email Compromise (BEC) occurs in a company. Employees should know all of these identifiers well enough that recognizing a scam becomes automatic. The list includes:
- Spoof websites and email addresses
- Spear phishing emails (when an email poses as coming from a trusted sender)
- Use of malicious software that can gather information
- False invoice
- Data theft
- Account compromise
- Attorney impersonation
- And more
Red flags in an email
There are many red flags to educate your team on. Some of the common features of phishing emails include:
- “Too Good to be True” offers are exactly what they sound like. One example is the common scheme of “you’ve won a FREE iPhone!”
- “Sense of Urgency” is when a deal or offer is going to expire soon. This is often seen in the subject line of an email claiming to be URGENT.
- “Hyperlinks” are often used in phishing schemes. The hyperlinks can often look like a real website but have one letter off.
- “Attachments” are also something to look out for. A good recommendation is not to click on any attachments or unexpected emails.
- “Unusual Sender” might seem obvious, but it’s important to update your team to avoid clicking on emails that aren’t sent internally or by clients.
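The “one letter off” hyperlink and the spoofed email address described above can also be caught by an automated check. The following Python code is an added example, not part of the original article: it flags sender addresses and link hosts that are one character away from a domain on a trusted list. The domains, the sample inputs, and the names `TRUSTED_DOMAINS`, `domain_of`, `classify` and `scan` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list; replace with the domains your company really trusts.
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}
# Constructed sample inputs: bare sender addresses and link targets.
SAMPLES = ["https://www.example.com/login", "billing@examp1e.com",
           "http://examplebamk.com/invoice", "news@unrelated.org"]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def domain_of(value: str) -> str:
    """Lower-cased host of a URL, or the part after '@' of a bare address."""
    value = value.strip()
    if "://" in value:
        host = urlsplit(value).hostname or ""
    else:
        host = value.rsplit("@", 1)[-1]
    return host.lower().rstrip(".")

def classify(value: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike:<trusted domain>' or 'unknown'."""
    host = domain_of(value)
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    # Assumption: the last two labels approximate the registered domain
    # (no public-suffix list, no internationalized-name handling).
    base = ".".join(host.split(".")[-2:])
    for t in sorted(trusted):
        if 0 < edit_distance(base, t) <= max_distance:
            return f"lookalike:{t}"
    return "unknown"

def scan(values):
    """Classify every sender address or link in values."""
    return {v: classify(v) for v in values}

if __name__ == "__main__":
    for value, verdict in scan(SAMPLES).items():
        print(f"{verdict:28} {value}")
```

An “unknown” result only means the domain is not close to a trusted one; it still falls under the “Unusual Sender” red flag.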
Additional training requirements
Aside from informing your team about the common phishing emails listed above, setting clear policies and expectations is crucial.
The policies you put in place should eliminate your company’s risk of an information security breach. For example, the policy on sharing passwords and credit card information should be bulletproof against hackers.
If your company is already performing larger cybersecurity training due to the rise of scams, then security training on BEC scams will be easier to include.
An additional note: Social media is generally a part of most businesses. If an employee is providing too much information about the office, the hackers can pick up on schedules and patterns of the company.
If an employee is posting frequently about the company having a retreat or week off, this is making the hacker’s job way easier.