Can Your Employees Spot a Phishing Scam?
This Research Says NO.
As the public has become more aware of scams and fraud, cybercriminals have had to up their game. Gone are the old Nigerian prince emails that tricked consumers into handing over their financial account information; instead, experts are now seeing phishing attempts that target businesses of every size and industry, and they do so by looking like the real deal.
One tech research firm, KnowBe4, sent out “phishing tests” to see how individuals and businesses were likely to respond. Their most alarming finding may be this: the most successful phishing email contained a subject line that said, “Official Data Breach Notification.”
That email enticed more employees to open it and follow through with the instructions than any other subject line attempted. What would prompt employees to put their companies at risk?
First, the change in notification laws allows companies that have suffered a data breach to email their victims instead of taking the time and expense to use the postal system. Just a few years ago, an emailed notification would have been easy to spot as a scam, but now, it could be legitimate. Also, where older phishing attempts cast a wide net in the hope that someone would fall for it—addressing recipients as “Dear Blessed Sir or Madam,” for example—targeted phishing attacks against businesses look very specific to that particular company or even to a specific employee.
Your company can invest hundreds of thousands of dollars in cybersecurity, but it takes only one employee opening a phishing email and downloading malicious software to bypass all of those measures and compromise your data. That’s why it’s crucial to spend focused time on training employees at every level of the company, from the custodial staff to the executives. Anyone can be targeted and can respond to an email, so having a company-wide policy on how to interact with unsolicited information can help prevent data breaches, ransomware attacks, and other crimes.