You can warn. You can educate. You can try. But, chances are, your employees are still going to fall for a cyber scam from time to time. It happens. Problem is, it can severely impact your company’s security.
Employees at TDS are no exception.
A few months back our own IT department sent a homemade phishing-style email to employees with the subject line, “Your mailbox is almost full — action required.” The email contained two different links, and the team monitored to see if employees would delete the email, click on the links, or report it as a potential security threat.
The goal? Simulate how our employees would handle a real phishing email. Turns out we didn’t do so hot. Although 9 percent of employees who received the email reported it as a potential security threat, which is well above average, 30 percent clicked on a link one or more times.
Scams like these have cost companies more than $2.4 billion in the last three years. Billion. Not to mention the security risk.
CSO recently shared an article that said human nature can be to blame for many of these cyber security breaches. They refer to the “seven deadly social engineering vices that employees share” — curiosity, courtesy, gullibility, greed, thoughtlessness, shyness and apathy. Take a look at this year’s most clicked social media scam lines:
Any of them look familiar? Would you fall for these? You might. And so might your employees, putting your company and its data at risk.
According to CSO, the five scams that employees fall for the most are:
- Official-looking emails that appear to be work related. They have subject lines such as “Invoice Attached,” “Here’s the file you needed,” or “Look at this resume.”
- Malicious software sent through emails designed to look like internal voicemail service messages.
- Free stuff. They’ll click on just about any link to get it.
- Fake LinkedIn invitations and InMail.
- Simply surfing social media can open the door for cyber thieves because all it takes is clicking on one scam post.
With that knowledge, educate your employees on the risks of such scams and how to identify the scams in the first place. Point them to the recent blog post we wrote to help recognize common phishing scams.