Hopefully, your employees know a foreign prince doesn’t really want to send them $1 million, and your systems probably block those types of phishing emails. But is your team prepared to avoid taking the bait as phishing attacks grow more sophisticated? Phishing topped the list of cybercrime according to the FBI’s 2020 Internet Crime Report, with nearly a quarter million victims reported in the U.S.
Many well-crafted phishing emails, phone calls, and text messages pass through security screening. They share enough information about the target to sound legitimate. They trick the recipient into sharing additional details, so the hacker gains access to sensitive data and networks.
Start with Email Filtering
Email filtering services check all incoming and outgoing emails for spam, malware, and suspicious links and then organize these messages into respective categories and folders. Implementing email filtering is a very easy and accessible cybersecurity best practice that can ensure risks like phishing emails and malware never appear in your customers’ inboxes.
Understand the Sophistication of Phishing Schemes for Email, Phone, and Text
A recent phone scheme demonstrates how sophisticated phishing has become. The recipient answered a phone call showing their bank in the caller ID, and the caller claimed to be from the fraud department, calling about the recipient’s debit card ending in XXXX.
The caller asked if the recipient had been traveling and reported two suspicious charges at big-box out-of-state stores. The recipient responded these weren’t their charges, and the caller offered to send a new card. He knew the recipient’s address and all their phone numbers and then sent a verification code to their cell and asked the recipient to read it to him.
Then the caller asked for the recipient’s bank PIN to deactivate it. The wise recipient said “no,” but the caller even had an answer for this suspicion. He said, “Look at the number I’m calling from; it matches the number on the back of your card.” It did! But the smart recipient asked to dial the caller back, and the caller hung up. Fraud averted. Bank informed. Credit card canceled.
If this target had revealed the code sent through email, the fraudster would have gained his two-factor authentication code. That code combined with a password is all a threat actor needs to infiltrate many networks.
Similar schemes can come through emails, asking unsuspecting victims to click a link and enter login information, passwords, and other sensitive data. Links in texts and on social media can also be phishing schemes. What should you teach your employees?
Here’s What We Teach Our Team
At Airiam, we train our team to:
- Avoid clicking on any links or typing in any information on a page accessed through a link.
- Verify the sender and information needed are legitimate by going to the source and typing in the known URL directly rather than using any links.
- Never provide passwords, logins, MFA codes, etc., if not the initiator of the conversation.
- Ask IT about suspicious emails, phone calls, or texts before taking action.
- Report all phishing attempts, even the obvious ones, so that IT can investigate and inform everyone about the potential danger.
Where Is Your Company’s Weakest Link?
A company’s cybersecurity is only as strong as its weakest link, and all it takes is one employee — even a well-intentioned one — to cause that chain to break. Ensure your organization offers employee awareness and training programs that formalize and enforce cybersecurity best practices, such as using strong passwords, MFA, and accessing sensitive files only from trusted devices.
Experts predict a new wave of cybercrime and increased attacks on smaller businesses. Now more than ever, your team needs help reducing cyber risk. Confirm that your team knows and implements critical cybersecurity best practices and receives support to prevent breaches. The prosperity and longevity of your businesses depend on it!
Let Airiam help train your employees and support your IT team to ensure your business is fully protected from cyberattacks. Reach out to schedule a quick call today to learn how we can help!
An educated workforce makes for a cyber resilient organization.