September 04, 2024
Training employees to recognise social engineering dangers is one of the most important ways to protect confidential information in the workplace today.
Information thieves use social engineering such as email scams, phishing and pretexting to trick people into giving out confidential information and/or installing malicious software.
Scams can occur over the telephone but most frequently, they arrive in a fake email.
Email fraud is a deceptive practice where criminals use email to trick individuals or businesses into providing sensitive information, such as passwords or financial details.
This can involve phishing, where fraudulent emails appear to come from legitimate sources, or spear-phishing, which targets specific individuals with personalised messages. The goal is often to steal money, data, or identities, making it crucial to recognise and protect against these malicious tactics.
Many data breaches are thought to have started with a simple social engineering scam.
According to Verizon’s 2015 Data Breach Investigations Report, phishing attacks have been a factor in more than two-thirds of cyber-espionage incidents for the past three years. The study showed that more than 23% of recipients open phishing emails while 11% open the attachments.
Globally, computers continue to be infected with malware at a high rate. The Anti-Phishing Working Group (APWG) reported that the global infection rate was around 33% for most of 2015.
For protection from email fraud, an organisation should have a comprehensive information security programme as well as technology that intercepts incoming emails such as firewalls, antivirus software, and content filtering. There should be a multi-level approval process for any financial transfers. Some companies utilise social engineering phishing tests to identify workforce vulnerabilities and solutions.
Employee knowledge about social engineering scams is just as important as these other safeguards, because employees who recognise a scam can delete or ignore it.
In security awareness training, teach employees about the risks involved in sharing personal and business information online. Knowing how to spot fake emails is also key. Workplace reminders (posters, notices in employee newsletters, etc.) will help to keep phishing awareness top-of-mind.
Recognising the signs of email fraud is crucial in protecting yourself and your organisation from cyber attacks.
Here are 6 key red flags to watch for in email communications.
It’s a red flag if the sender is not a recognised person or organisation. But keep in mind that cyber criminals are increasingly using social media platforms to launch attacks. For example, they create fake LinkedIn profiles in order to target employees at a specific company.
How relevant is the subject line? It should make sense or match the content. If there’s reference to a request that wasn’t actually made by the recipient, consider it a red flag too.
Being copied on an email with one or more people who are not personally known is a red flag.
Spelling mistakes, unusual phrases, bad grammar, and provocative content are all red flags. A request to install ‘antivirus software’ may in fact be delivering a malicious program.
A scam email may direct the recipient to open an attachment in an unusual way. Consider whether the attachment was expected or the ‘sender’ would normally send these types of attachments.
Directing the recipient to click on a link is a red flag. One way to check a link before clicking is to hover over the hyperlink with the mouse to see whether the address shown is for the correct website.
Protect your business from email fraud by staying vigilant and informed.
Contact Shred-it today to learn more about our comprehensive data protection services and how we can help safeguard your sensitive information.