Attempting to quell the onslaught of phishing scams that disrupt our modern world, many businesses are resorting to sending fake e-mails to employees to see who takes the bait, as it is commonly held that employees, not inadequate IT systems, are the weakest link in cyber security. Phishing e-mails are the bread-and-butter method of scammers and hackers across the globe, who seek easy money by inserting malicious links into messages. Unwitting recipients will sometimes click on these links, which purport to be from a bank or accredited institution, and be taken through to a phoney website that asks for their account details.
However, e-mail scams are evolving from the increasingly familiar bank message to dangerous software hell-bent on stealing passwords or login information - hence the upsurge of companies giving employees habitual training in keeping data safe.
Nigerian Princes Were Just The Beginning
Many people by now will be familiar with the infamous Nigerian Prince scam, in which a hoax e-mail asks for a small payment or your bank account details, and in return you'll supposedly receive a large amount of money that, because of tax reasons or something similar, can't be transferred out of the sender's country without your help. Though such a proposition may sound blatantly dodgy, the success rate is high, with over $12 billion being lost worldwide to the scam in 2013.
There is a plethora of wire frauds and e-mail hoaxes to be aware of, as these popular phishing scams continue to plague innocent people on a daily basis. Among the most prevalent cons are:
- PayPal messages that request the user to confirm their login data via a link to a deceitful site
- Comerica Web Bank e-mails that offer a security update which will expire soon, complete with fake news stories and a downloadable link
- Seemingly real websites that are actually look-alikes of their real counterparts, such as ebay-billing.com or microsoft.verification.com (both now defunct)
Spurred by recent high-profile hacks of major corporations like Anthem and Sony, businesses and individuals the world over are rushing to beef up their defences. Likewise, many hosting sites are keen to stress the safety and security of their own secure e-mail services, as companies like 1&1 declare on their FAQ pages that their anti-spam and anti-virus packages are a match for today's hackers and spammers. Others, however, insist that such packages aren't enough; individuals need to inform themselves of the risks out there, and large businesses need to consider working with professional cyber security firms. Cyber security can no longer simply be left to the IT department.
Many scams are successful simply due to a lack of judgement and human error. Trib Live looks at a recent report by the Online Trust Alliance, revealing that of over 1,000 security breaches in 2014, 90% were 'preventable' and a quarter of those were purely accidents by employees.
Staff need to be made aware of the risks that are out there, and how to avoid the most common ones. Educating employees - and any outside suppliers or freelances who have access to the internal system - is vital. Such training should not be seen as a one-off, but instead a continuous process with programmes tailored to the needs and risks of that particular company.
With businesses purposely setting up these 'sting' e-mails, the hope is that the age-old idiom of "once bitten, twice shy" will ultimately be the case for employees and the general public in the future.