February 19, 2025

Stop Scams: Fraud Prevention Starts with Your Employees

You can be as proactive and protective as possible when it comes to cyber security for your business, but there’s one vulnerability you cannot eliminate: human error. In fact, statistics estimate that as much as 80%-90% of data breaches are due to human error.

Fraud and Small Businesses

Business owners wear many hats on a daily basis, handling finance, workplace issues, customer service, and also fraud prevention. Cyber threats are plentiful, and as new technology gains speed, fraudsters only get more creative.

In fact, recent studies showed that 57% of organizations experience phishing attempts on a weekly or daily basis. Safeguard both your business and your employees’ wallets by educating them on the signs and indicators of phishing attempts.

While employees can be victims, they can also be your first line of defense if they are adept at detecting fraudulent communication.

What is phishing?

Phishing is a scam tactic fraudsters use to impersonate a person or business in order to obtain money or sensitive information from an unsuspecting victim.

Scammers use public information sources such as websites, LinkedIn, or online directories to try to be as convincing as possible to the recipient. The messages aren’t always flagged by spam filters, so human error is possible. In addition to posing as a company executive, fraudsters are also impersonating the IRS, USPS, Amazon, QuickBooks invoices, and more.

Why impersonate a business owner or company executive?

Fraudsters are betting that an employee will glance at an email from a higher-up, overlooking the typos in the email address and the body of the message, simply because it’s coming “from” a person of authority.

In this type of scam, the next message will likely involve a request to purchase gift cards and reply to them with the card numbers and even a cell phone number. Don’t fall for it!

Following is a handout you can use to educate your employees on the dangers of phishing emails:
 


Phishing Warning Signs for Employees at Small Businesses - Download the Full Guide
 

Other phishing schemes to watch for

Employees in your finance department are more likely to be targeted. Instead of a scammer posing as the company’s CEO or CFO, they may be on the receiving end of phishing emails pretending to be an employee who needs to change their direct deposit for payroll or a fake vendor demanding an overdue bill payment.

Phishing via text message, or “smishing,” is also gaining popularity. As convincing as it may look, never click on a link sent via text or SMS from an unknown number.

Make sure your employees know how to spot a phony invoice request, a bogus shipment tracking link, and a fraudulent request to change a bank routing number.

Scammer Red Flags

1. Urgency

Scammers purposely use pressure and authority by posing as an executive of a company. They typically want their request filled ASAP or EOD, while they have you “hooked.”

2. Suspicious Email Domain

Double-check, even triple-check, the domain of the email address. Slight variations of an email address are used intentionally. A Gmail or other generic email domain can be another warning sign.

3. Tone and Typos

A big telltale sign of a fraudster tends to be spelling errors and poor grammar. Ask yourself, does the body of the message sound like the sender? Are their title and email signature correct?

4. Too Vague

Phishing emails are often short and to the point, lacking context of the request. This can be a red flag, especially when received out of the blue.

5. Gift Cards or Cryptocurrency

Whether pretending to be a CEO, CFO, or even the IRS, scammers’ requests frequently involve purchasing gift cards, bitcoin, or demanding wire transfers.

6. “Off” Feeling

Trust your gut! Weird time of day? Unexpected invoice? Not related to a project you’ve ever worked on before? Don’t ignore your instincts if a message or request feels “off.”
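
For IT teams that want to back up employee training with an automated first pass, here is an added example (not part of the original article or its handout) that scores a message against red flags 1, 2, 4, and 5. The company domain, executive name, keyword lists, word-count threshold, and sample messages are all assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"   # assumption: stands in for your real domain
EXECUTIVES = {"jordan avery"}    # assumption: constructed executive name
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
URGENCY = re.compile(r"\b(asap|eod|urgent|immediately|right away)\b", re.I)
PAYMENT = re.compile(r"\b(gift cards?|bitcoin|crypto(currency)?|wire transfers?)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance; catches one- or two-character domain variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(from_header, subject, body):
    """Return which of the article's red flags a message trips."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower()
    external = domain != COMPANY_DOMAIN
    text = f"{subject}\n{body}"
    flags = []
    if URGENCY.search(text):                                      # flag 1
        flags.append("urgency")
    if external and edit_distance(domain, COMPANY_DOMAIN) <= 2:   # flag 2
        flags.append("lookalike-domain")
    if domain in FREE_MAIL and name.lower() in EXECUTIVES:        # flag 2
        flags.append("executive-on-free-mail")
    if external and len(body.split()) < 25:   # flag 4; threshold is an assumption
        flags.append("vague-external")
    if PAYMENT.search(text):                                      # flag 5
        flags.append("unusual-payment")
    return flags

# Constructed sample messages, not real mail.
SAMPLES = [
    ("Jordan Avery <jordan.avery@examp1e.com>", "Quick favor",
     "Are you at your desk? I need you to buy some gift cards ASAP and reply with the numbers."),
    ("Jordan Avery <javery.ceo@gmail.com>", "Need this by EOD",
     "Please handle a wire transfer today."),
    ("Jordan Avery <jordan.avery@example.com>", "Q1 close schedule",
     "Attached is the schedule for the Q1 close. Let me know Thursday if the dates conflict."),
]

if __name__ == "__main__":
    for sender, subject, body in SAMPLES:
        print(sender, "->", red_flags(sender, subject, body))
```

A check like this only prioritizes messages for a person to review; flags 3 and 6 (tone and the “off” feeling) still depend on the employee reading the message.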

What should you do if you suspect an email scam?

Verify legitimacy

Review for the above red flags. If you have any doubts, independently verify and contact the actual person or source.

Forward to IT

Still unsure? Ask your tech department to check out the message and to block the suspicious sender.

Delete the message

Do not reply or click links. Never send sensitive information such as cell phone or routing numbers.

Always be vigilant

Scam artists continue to get more and more creative… Don’t let your guard down!

Report fraud

If you realize after the fact that you may be a scam victim, come forward to try to remediate the situation, take protective measures, or involve the authorities if needed.

 
