Does anyone else feel like everybody’s scamming these days?
We published a blog recently on how to prevent a phishing attack from harming your workplace. Phishing emails and other scams wreak havoc on unsuspecting offices: by email, by telephone and by misleading online forms.
Scams are the reason why the junk mail folder exists, and why so many of us screen our calls. Whether a scam is malicious in nature or is just trying to make a quick buck from less-than-helpful services, how do you know who to trust?
Three Tactics to Defend Against Phishing Emails and Other Scams
1. Train Your Teams to Recognize Scams
We published a post recently on how to identify a common toner scam seen in many offices. Unfortunately, we’re all bombarded by scams like these, from robocalls on our cell phones, to receiving fake bills in the mail that look like they’re from an actual service provider, to the email phishing attacks referenced above. Scammers are everywhere and they’re getting really good at forgeries. We all need to learn to recognize a scam. As the saying goes, the best defense is a good offense.
We encourage all organizations to teach employees to recognize fraudulent phone calls, emails and other requests. We’ve taken our own advice by doing so at Loffler, and we provide resources to help other organizations do the same. All employees need to be vigilant to protect against fraud. If they’re not, the company will be exposed to risk.
2. Encourage Individual Accountability
Protecting your organization from fraud is a team effort. Encourage every employee to adopt an airport mentality: If you see something, say something. Don’t assume that someone else might catch fraud. It’s up to each individual employee.
In one recent example of potential fraud, action taken by one employee saved the day. The subject line of an email featured a misspelled CEO’s email address. The email contained links to download a file and a supposed message from the CEO reading, “kindly review the attached." This was not a legitimate file transfer. Thankfully, the employee who received the email was savvy enough to contact their CEO (and then their IT team) before clicking. Not only was end-user education enough to stop the attack in its tracks, but the employee was also empowered to say something when they suspected fraud.
3. Enable Multi-Layered Protections
In another example of potential fraud caught in the act, an employee at a local company recently received an email, again from a sender disguised as their CEO.
The body text of the email was simple: "Jane, Are you available? Write back". The message was not from the company’s CEO. It was from a hacker trying to gain access to the company through this employee’s email. Put yourself in that employee’s shoes. You receive an email from your CEO, asking you to respond. What if your phishing radar didn’t perk up with the unpunctuated, unsigned text?
The company in this case had multi-layered IT security protections in place. Because of these, the employee was warned of the possible fraud with a red banner and the denotation of “Possible Fraud:” in the subject line. Without the fraud detection in place, the email looks phishy, but the red flags could have been missed.
Although these attempted scams aren’t the first, and I’m sure they’re not the last, I do have confidence that Loffler’s team of IT security engineers and specialists have our customers’ backs in keeping their organizations safe. They can be of help to you, too. We make it our job at Loffler by employing IT security experts to help organizations defend against phishing emails and other attacks, or in some cases, clean up after one.
Solutions like this save businesses time, money and headaches. Solutions like this are our business. Our IT Solutions Group exists to help organizations navigate their IT needs with industry-leading expertise and real solutions.
