Phishing scams are some of the most common cyber security attacks faced by both individuals and companies today. Webroot describes phishing as an act where scammers send an email that looks as if it's from a real company offering promos and services, all to solicit info.
Businesses in particular are popular targets due to the goldmine of confidential information in their databases.
That data can be worth a lot.
Cybsafe even states that scammers are more likely to go after companies for sensitive data rather than to steal money, although that data is certainly then used to make money.
As our way of helping businesses avoid phishing scams, we’re here to offer tips to employees on how to recognise such scams. After all, the only way a business can fall prey to phishing is if an individual in it -- an employee -- falls for the scam.
Employees need to take phishing seriously or their company could end up in serious legal trouble. It could even lead to them getting fired if the data leak is traced back to them.
That’s why tips like the ones we give here are important. But before we get to those, we’ll start by explaining how phishing works and what effects it can have on a company.
Worst-Case Scenario when a Company Falls for a Phishing Scam
Organisations are strongly encouraged to educate employees about online scams through seminars. One careless click could lead to a massive data breach and could tarnish the reputation of the company forever too.
In fact, according to an IBM report, phishing scams can cause monetary damage to companies of up to $4 million!
Typically, a phishing attack at work happens when an employee unwittingly clicks on a suspicious link. This may cause malware to be installed, giving the attacker access to the company’s database, which houses a pool of sensitive data.
In a worst-case scenario, an email could cause an employee to input login credentials, which the scammer would record.
Those credentials would then be used to authorise money transfers. It’s not a common occurrence, but it’s surely the worst that can happen because money will be lost directly by the company.
Since scammers are getting more creative every day, what we’ve described is pretty much just the tip of the iceberg. New phishing attacks are turning up every day.
So, it’s best to be one step ahead by keeping employees informed and prepared, not least by offering the tips below.
How to Recognise Phishing Scams: The Warning Signs
While hackers are becoming more creative in their phishing attempts, there are still “tells” in most of their efforts. If you know the signs to look for, you can avoid falling into their traps.
Here are the most common signs that you’re looking at a phishing message or attempt.
If you see any of these, steer clear!
1) Asking for personal and financial information
If you regularly receive emails from your bank in your personal email, then there’s nothing much to be worried about because most people use their personal email for updates and promos from their bank.
However, it’s a different story when your work email starts receiving emails from your bank, or even any financial institution.
Almost all phishing emails appear as if they’re from a bank offering discounts and promos as long as you provide your bank account number or PIN. Never provide such information in response to a suspicious email.
Some companies actually prepare their employees for such attacks, fortunately. For example, the people at Fridge Repair Singapore run anti-phishing training seminars for their office-based employees before they start working.
When we interviewed the company’s employees, more than half of them said that they had received emails on their company email asking for their bank account information.
Because they had received training on this, though, none fell for the scams. All of them alerted their boss to the scam emails they had received.
That’s why it’s the boss’s job to educate employees on phishing scams. Still, if your employer isn’t conducting such training yet, it’s better to protect yourself by learning what you can on your own initiative.
2) Grammar and spelling errors
Checking for spelling and grammar mistakes is perhaps one of the easiest ways to spot phishing emails. Almost every phishing email is riddled with spelling and grammar mistakes.
After all, scammers don’t care enough to hire editors to fix the grammar of their phishing emails. You don’t have to be a grammar expert to spot these either, in most cases.
For example, the practice manager of Colorectal Surgeon Singapore told us that he has received countless phishing emails from people pretending to be patients interested in their services.
He recommends deploying a spam filter that blocks emails with viruses and suspicious links, and actually has the practice’s staff do the same. This helps lessen the number of phishing emails that get through.
3) An offer too good to be true
Scammers love to bait their victims with offers that are just too good to be true. A common tactic is to send out an email detailing how the receiver won an all-expenses-paid trip after visiting a certain website.
Most of these emails contain a link that the receiver is asked to click in order to claim their prize. Once the link is clicked, the hackers can install malware on the receiver’s computer and gain access to the company’s confidential information.
Some of these links will also redirect the receiver to a fake website that will encourage them to provide their personal information in order to receive their prize.
According to David Ting of Imprivata, scam links in emails are the most effective phishing scams as a lot of companies fall victim to them.
The only way to address it is to install a strong antivirus with multi-layered security that would automatically block fake websites. It should do a lot to prevent malware or suspicious links from getting through.
What are your thoughts on phishing scams?
That’s a wrap for our tips on how to spot and avoid phishing scams at work! These are our top 3 methods to recognise these nasty schemes when they make you a target.
As scammers are discovering new ways to scam businesses, everyone should educate themselves on techniques widely used by such people.
If you can think of other tips that should’ve been in our list, don’t hesitate to share them with us! We’d love to know how other businesses deal with phishing scams and how they handle employee training in this area!
For organisations that need an extra hand with finding tech talent who are cyber security specialists or trained in cyber security, reach out to the tech recruitment team at BGC Group!