7 Strategies to Get Employees to Take Phishing Scams Seriously

7 Tactics to Get Employees Invested in Spotting Email Scams

Would your employee tell you if they clicked a weird link? Would they even recognize the threat? See how to get employees invested in preventing email scams.

Phishing Scam

According to the FBI, email scams cost businesses around the world as much as $12 billion a year. In the past two years, losses have increased by 136%. All 50 states and around 150 countries are known targets of these scams. Criminals that seek to steal data or hold it for ransom know who they’re targeting, what they’re doing and just how to get the average employee to open Pandora’s box.

No business is too large or too small to be impacted by phishing scams. And your employees are your first line of defense against these often clever and manipulative schemes. But getting employees to understand the risks and take email scams seriously is a major undertaking. Get employees invested in protecting customer data with these tips.

1. Help Them Understand Why They’re a Potential Target

Criminals target the average employee because they know that few expect to be the target of an email scam. Wouldn’t criminals target someone “higher up”? They may not understand just how much power they have and how easy it is to accidentally compromise the system.

2. Convey How Important They Are in the Fight Against Cybercriminals

In the modern office, every employee is a security guard protecting customer and company data. The door they’re protecting is a virtual one. Clicking suspicious links, visiting questionable websites on company computers or downloading something are just three ways they can throw the door wide open for criminals.

Acknowledge that every employee is a stakeholder in the company. They depend on you for employment. It’s everyone’s job to protect what’s “Ours”.

3. Be Understanding/Realistic About Falling for Email Scams

Yes, cybersecurity is serious business. An employee mistake could cost you millions. But at the same time, many people are so ashamed when they fall for something. They fail to notify their manager because of embarrassment or fear of losing their job. When a breach occurs, IT security must act fast to reduce the damage.

Email scams are intentionally clever. And they’re always changing. Criminals do their homework and are skilled at what they do. Anyone, in a momentary lapse of judgment, can fall for them. Talk to employees openly in a compassionate way that still relays the seriousness. They need to contact someone (usually IT security) immediately. Coordinate with IT security management to ensure that everyone has the right contact information to report an event.

4. Convey What’s At-stake When Email Scams Strike

It’s not hard to find stories about companies online that are similar to yours. If they are competitors or other brands that your employees know that’s even better. Don’t let phishing scams seem abstract. It happens to real companies and the costs are great. Share the stories as well as the financial and trust loss incurred.

5. Break-Through When People “Zone Out”

Try to break through security training fatigue through storytelling and imagery. If your security training involves reading a security policy each year and checking a box, it’s time to rethink how you convey critical information.

6. Present Common Scams

While criminals are constantly changing tactics, it’s easy to learn the tell-tale signs of a scam that may apply regardless of how cybercriminals try to mix things up. We’ve come a long way since the Nigerian Prince scheme, but criminals today use similar strategies to build trust, cause panic or create complacency to get us to take a desired action.

7. Create a Partnership with Your IT Security Team

Whether you’re working with a managed IT company or keep your IT in-house, the IT security team is great resource. They’ll have all the information on current risks, tactics and what you need to do you protect yourself. Tap into this wealth of knowledge. Ask them to do an email scam presentation for your team or set up a webinar in the conference room if they can’t do it in person. Getting the experts involved shows employees this is serious.

Phishing Scams: This May Be the Most Clever One We’ve Seen

Can You Spot These Phishing Scams?

Would you or your employees recognize these clever phishing scams? It only takes a click to compromise data. Find out how to protect yourself with these tips.

 

October is Cybersecurity Awareness Month. So ask yourself, how well do you know the common cybersecurity threats?

While we all know about viruses and the perils of visiting shady websites, phishing scams are some of the most frustrating and personally-violating ways that criminals access our systems—and they’re very effective. Each year, businesses in the US lose over $500 million to phishing scams in addition to the collateral damage of data breaches and the public relations nightmares.

Masquerading as urgent requests from the boss’ boss, a charitable organization that needs your help or a government program for people like “you”, it’s not easy to distinguish between authentic communications and a criminal who knows exactly what to say. It pays to be aware of the many weapons that cybercriminals deploy to sabotage individuals and the businesses they work for.

1. We’re Deactivating Your Account If You Don’t Respond Now

Scammers use fear tactics like these to encourage people to click an email link. They may then be prompted to enter login information on an imposter site. Or a pop-up may inform them that their browser is out of date. Clicking download, which may seem second nature to some, puts malware on the computer.

And boom! The computer, and perhaps your whole network, is infected.

Imagine getting this from a credit card company, payment processor, doctor, or assistance program. The criminal knows that the person who gets this will have a visceral response that may compel them to act without thinking.

Employer Security Tip: They should never click the email link. Instead, visit the site directly and look for a message from the company there. 25% of all malware attacks target financial institutions, making any link to a financial business a potential threat.

Make sure you have real-time malware protection and a firewall to limit the damage, should someone fall for this.

2. Act Immediately or the {IRS} Will Freeze Your Accounts

Phishing schemes can come through email, text or even old-fashioned phone calls. In a similar fashion to the threat described above, a criminal is attempting to get information like an SSN or logon info. Regardless of the government agency, this is scary, especially if a person does have outstanding debt, lawsuit or obligation.

Employer Security Tip: Government agencies and courts send certified letters and do not send an email, phone or text threats. Put yourself in the employee’s shoes. People feel embarrassed when they fall for things like this. Because of it, they may say nothing after they click that link, compounding the damage. Encourage employees who think they may have fallen for a scam to contact the IT helpdesk immediately. IT and management alike should respond with empathy, not outrage.

3. Search Engine Phishing Scams

While Google attempts to battle these scammers, a criminal can use a search engine organic results or paid ads to make their spoof website appear above the real site. When the person clicks the link, the site looks exactly right.

Employer Security Tip: Educate employees about websites that may pretend to be your own. They should always double-check the address in the window and look for the “HTTPS” prefix and lock symbol. If your website isn’t “HTTPS”, here’s another reason it should be.

4. This Is Your Boss’ Boss. I Need Your Help.

It’s a classic movie cliche that works in real life. A person gets past security guards by dropping names and making the guard feel that they’re going to get in trouble if they don’t comply. In your business, each employee is a security guard protecting customer data.

With the “boss’ boss” phishing scam, you usually get an email from someone who claims to be someone higher up in the company. They can’t reach your manager. But they’ve heard great things about you and knew you could help.

Employer Security Tip: Talk to employees about phishing scams. Encourage employees to stay level-headed and check things out. And praise an employee rather than criticize them if they ask for verification when a contact turns out to be legit.

Don’t Be Fooled By Phishing Scams

Employees are your first and most important line of defense against phishing scams. But they’re not infallible. And it only takes a second of judgment lapse to do serious damage. So invest in smart security solutions to protect yourself when cybercriminals target your employees and business.