You may think your network is 100% secure, but cybercriminals are looking for a way to get in. Every home office is a back door into your information security system. All an employee has to do is open a seemingly harmless but malicious email.
Every year, phishing scams cost billions in lost assets and reputation damage. According to Verizon’s 2019 Data Breach Investigations Report, 32% of all cyberattacks involved phishing. The size of your company does not ensure you are immune to cyberattacks. In fact, your information security is more at risk if you are a small- to medium-sized business. According to the Hiscox Cyber Readiness Report 2020, 70% of small businesses are not protected enough or at all.
Working from home, your employees are now your first line of defense in keeping your company’s network secure. With increased awareness, training and simulations, you can educate your employees and safeguard your company from a phishing attack.
How Do Phishing Attacks Damage My Business and Network Security?
By now, you’ve heard about the “Nigerian Prince” and his big investment opportunity. Everyone’s heard the office jokes about the prince you’ve never met who wants to give you lots of money. We can laugh about that one, but phishing scams are no joke.
Phishing is one of the top threats to a company’s computer security. The United States Computer Emergency Readiness Team (US-CERT) defines a phishing attack as a form of social engineering. Cybercriminals design a malicious email or website to get personal information so they can exploit and profit from this data. The goal is to gain the recipient’s trust so that they click a link or download a file that unleashes malicious software. Malware can be in the form of
If they can get past your network security defenses, cybercriminals can mine your valuable data. Once they get into your network, they will take credit card information, personal information and sensitive data. Many companies never recover from this kind of data breach. Some will even close.
What Is a Phishing Gift Card Scam?
The sneakiest phishing scam is the “Gift Card Scam” because it bypasses your malware protection. Often called the “Do Me a Favor” scam, the email requests that your employee do you a favor. Of course, you don’t remember sending that email because you never did. The scammer has used your email and your identity to target your employees. The email looks so real, with your logo and email signature, that it fools the receiver into thinking it’s actually from you. Here’s how it works:
I need a favor: Your employee receives an email from the “boss” asking for a favor. The “boss” is unavailable, in an important meeting and cannot be disturbed.
The “boss” asks for gift cards: The “boss” is in a bind and needs the employee to buy four $500 gift cards for holiday bonuses.
Employee buys gift cards: Because the email is from the “boss,” the employee complies. She doesn’t check with you because you’re seemingly in an important meeting and don’t wish to be disturbed.
Employee emails to confirm the purchase: Thinking the “boss” will reimburse her, she buys the gift cards and sends the “boss” an email, confirming the purchase.
The “boss” asks for pictures: Still in a hurry and not wishing to be disturbed, the “boss” requests the receipt, pictures of the cards and the PINs.
Now, the “boss” has everything they need to sell those gift cards on the Dark Web. The employee is out $2,000, all because she didn’t make a quick phone call or write a confirmation email. And your anti-malware software never detected this malicious email.
You’re probably asking yourself how this scam can work. Because the email is from a trusted source who makes an urgent request, many employees will follow through. Cybercriminals are counting on it.
How to Prevent Phishing Scams and Protect Your Network Security
Knowing whether to open an email or not is essential to your company’s information security. But, how do you ensure that each employee opens the right email, even when they are working from home? Teaching awareness, training your employees to spot scams and using phishing scam simulations are the best ways to increase information security.
A reputable cybersecurity company can help you make your staff aware that gift card and other phishing scams exist. A cybersecurity analyst will stress the importance of information security at the office, at home or on public WiFi. They will also explain that malware detection software can only do so much. Your employees will learn to stay skeptical and alert to phishing scams that can hit any business, anywhere, at any time.
Information security training explains what phishing is and how it affects network security. Once your staff knows what phishing malware is and how it functions, they’ll spot these kinds of emails. Here are the most common tricks that a cybersecurity analyst will share with your employees:
The “From” Trick – Cybercriminals use a trustworthy sender in the “from” sender field. Large companies like Amazon, banks or government entities will never ask for personal information by email.
The Spoofed Company Email Trick – Cybercriminals can take over your business email account and use an address on your company domain to fool your employees.
The Generic Hello Trick – Cybercriminals use generic greetings like “Hello Friend” or “Hello Capital One Bank Customer” in the email. These generic mass emails cast a wide net and prey on the unaware.
The Personal Information Request Trick – Cybercriminals use a trusted source to request usernames and passwords in the hopes that they’ll be able to gain access to sensitive information.
The Spoofed Link Trick – Cybercriminals use deceptive links that look like they go to a trusted source, but they don’t.
Once your staff knows the importance of keeping your network secure, they’ll be more suspicious of unsolicited emails. Spotting a phishing email will help keep your network secure, whether your employees are working in your office or at home.
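The checks your staff learn to make by eye can also be written down as simple mail-filter heuristics. The following Python sketch is an added example, not code from this article or from any product it mentions; COMPANY_DOMAIN, VIP_NAMES, the rule names and both sample messages are assumptions constructed for illustration, and it only handles single-part messages.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

COMPANY_DOMAIN = "example.com"   # assumption: your real mail domain
VIP_NAMES = {"pat lee"}          # assumption: names a scammer would impersonate
BODY_RULES = {                   # case-insensitive body patterns, one per trick
    "generic_hello": r"\b(hello|dear)\s+(friend|[\w ]*customer)\b",
    "personal_info_request": r"\b(usernames?|passwords?|pins?)\b",
    "gift_card_request": r"\bgift\s*cards?\b",
}

class LinkParser(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None
    def handle_data(self, data):
        if self._href:
            self.links.append((self._href, data.strip()))

def phishing_flags(raw_email):
    """Return the set of tricks spotted in one message (heuristics, not proof)."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    flags = {rule for rule, rx in BODY_RULES.items() if re.search(rx, body, re.I)}
    if name.lower() in VIP_NAMES and addr.rpartition("@")[2].lower() != COMPANY_DOMAIN:
        flags.add("from_trick")          # trusted name on an outside address
    parser = LinkParser()
    parser.feed(body)
    for href, text in parser.links:
        shown = re.search(r"(?:www\.)?([\w-]+(?:\.[\w-]+)+)", text)  # domain-like text
        target = "." + (urlparse(href).hostname or "")
        if shown and not target.endswith("." + shown.group(1).lower()):
            flags.add("spoofed_link")    # text names one site, href goes to another
    return flags

# Constructed sample messages (not real mail)
GIFT_CARD_MAIL = ('From: "Pat Lee" <pat.lee@example.net>\nSubject: Quick favor\n\n'
    "I'm in a meeting. Buy 4 $500 gift cards and send me pictures of the cards and the PINs.")
BANK_MAIL = ('From: "Bank Alerts" <alerts@notice.test>\n\n<p>Hello Bank Customer, confirm your '
    'password at <a href="https://bank.example.login.test/">www.bank.example</a></p>')
```

A message sent from a taken-over company account passes the “From” check, which is why the quick confirmation phone call in the gift card scenario still matters.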
Once your employees are trained, you’ll need to run phishing simulations. Running regular simulations helps to keep your staff on their toes and gives your cybersecurity analyst a way to pinpoint any employees who are prone to being tricked.
If you’re looking for an additional layer of email security, Arnet Technologies offers phishing scam simulation tests. We will train your employees and test them to make sure they don’t fall victim to phishing scams. Give your employees the tools they need to spot a phishing scam by contacting Arnet Technologies and signing up for a Phishing Simulation Test. Just leave a note in your submission that you would like to learn more about the test and we will contact you to discuss the process.