Phishing, a scam that feels almost as old as the internet itself, is actually on the rise. In 2018, 26,379 people fell victim to phishing, collectively losing over $48 million, according to a report from the FBI’s Internet Crime Complaint Center. That’s a significant increase from the $30 million that phishing victims lost in 2017. As hackers and fraudsters show no signs of slowing down, your company needs to train all employees to recognize and prevent phishing and related data breaches.
The crux of any phishing scam is to trick victims into believing a request for sensitive or personal information comes from a legitimate source. Phishers typically contact potential victims through emails or text messages that, at first glance, appear real. The message may even use the company’s banner and logo. A close look may reveal flaws, but it’s often too little, too late. All a phishing message has to be is convincing enough – then, it takes just one click to give phishers access to your data.
Phishing messages generally open with a story that creates a sense of urgency or panic and prompts the victim to click on a link or open an attachment. A phisher might send you an email on behalf of your bank regarding “suspicious activity,” or a text saying that you’re eligible for a government refund – but only if you act quickly enough. In corporate situations, employees may receive an email from someone impersonating a superior asking them to open an attachment, visit a webpage, or purchase a gift card. The scammers don’t expect everyone to fall for it, but they can count on a few people letting their guard down and clicking without thinking.
Still not sure if you could spot a phishing scam in the wild? Here are a few warning signs to look out for:
When in doubt, don’t click links or open attachments from messages requesting payment or account information, especially when you have no reason to expect there is a problem. You can always search for the company’s contact information online and speak with a trusted representative to determine if the message is legitimate or not.
No one thinks they’ll get scammed – until they do. Intelligent, tech-savvy people can become tired, distracted, or overwhelmed and click without thinking. Falling victim to a scam – especially if the scam results in a significant loss of money – can be humiliating. It’s important that companies are clear that phishing can happen to anyone and that employees should always report phishing attempts, successful or not. During training, reassure your employees that all reports will be confidential and that alerting the company is always better than attempting to resolve the problem alone.
Today, companies handle a lot of sensitive information. There’s no time more critical than now to train your teams on data security, with a special focus on scams like phishing. What’s more, remote working is more common than ever. Compliance training programs can help ensure that employees are protected and compliant, even when they’re out of reach of an IT colleague and using personal devices with weaker antivirus software than that of company computers.
While your training should be specific to your company and the particular cybersecurity threats your employees may face in their day-to-day work, there are general tips that apply to everyone.
For employees:
For companies:
Want to get a leg up on phishing scams? Talk to the Interactive Services team to find out if our Data Privacy Compliance Training Program can help protect the health of your business.