What’s wrong with an email that starts with “Dear valued customer”?
Over 70% of businesses have been hit with a phishing attack, and data has been compromised. Your first red flag may be an email that starts with “Dear valued customer.”
Earlier this month, we published a blog, “If you see something, say something.” As MainSpring continues the discussion of cybersecurity, it is essential to discuss establishing a human firewall.
In this blog, I will discuss the top cybersecurity threat—email phishing.
The escalating IT security threat of phishing
Business email…multiple personal email accounts…we all check our email accounts several times a day. Now that many are working from home or in a hybrid environment, your employees may also be checking their personal email from their company laptops.
Email phishing has been around for years, but during the COVID-19 pandemic, organizations have experienced an increase in phishing attacks.
What is phishing? It’s when a cybercriminal uses fake or misleading content (such as “Dear valued customer”) to get you to open an email and click on a link or a file in it. But phishing is not limited to just email.
Phishing techniques are now also commonly used to prompt users to open private social media messages and text messages. Social media platforms report a substantial uptick in scammers using real photos and personal information to create fake accounts. Those phony accounts create the opening for scams.
Recognize cybersecurity red flags
In this blog, I want to include five tips from our vCIO team for recognizing a phishing attempt.
- As mentioned earlier, any email that begins with "Dear valued customer" or "Dear friend" should cause skepticism. Usually, emails that do not greet you by name are sent in bulk and could be phishing attempts. Only open emails and messages from those that you know and who know your name.
- A legitimate business will not ask for any sensitive information to be included in a reply email, social media post, or text message. For example, your bank will not ask you to respond with your account number or password.
- Do not open any emails or messages about factory recalls, warranties, or after-market promotions for a product you did not buy.
- Legit companies know how to spell. Often, a scammer will purposely misspell the name of a famous retail company. We all open messages and scroll through content so fast that the scammer hopes we will not notice that the message is from a fake retailer that looks somewhat like a famous brand.
- Who sent you the message? Scroll or hover your mouse over the “From” before opening any message. Look carefully at the account that sent you the message. Is it from a legit organization or URL? Is it from “Sam@Walmart” or is it from “Sam@Walmart567”? Notice the difference?
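For a tech team that triages reported messages, three of the tips above (the generic greeting, the request for an account number or password, and the look-alike sender) can be checked automatically. The Python sketch below is an added example, not MainSpring's tooling; the trusted-domain list, the 0.8 similarity threshold, and both sample messages are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains your organization actually does business with.
TRUSTED_DOMAINS = {"walmart.com"}

GENERIC_GREETING = re.compile(r"^\s*dear\s+(valued\s+customer|friend)\b", re.I)
ASKS_FOR_SECRETS = re.compile(
    r"\b(reply|respond)\b[^.]*\b(account number|password)\b", re.I)

def is_lookalike(domain):
    """True when a sender domain imitates, but is not, a trusted domain."""
    domain = domain.lower()
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return False  # the real domain or one of its subdomains
    labels = domain.split(".")
    # Simplification: treat the label just before the TLD as the brand name.
    label = labels[-2] if len(labels) > 1 else labels[0]
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        padded = re.sub(r"[\d-]", "", label) == brand  # e.g. walmart567
        similar = SequenceMatcher(None, label, brand).ratio() >= 0.8  # e.g. wa1mart
        if padded or similar:
            return True
    return False

def red_flags(raw_message):
    """Return the names of the red flags found in one raw email message."""
    msg = message_from_string(raw_message)
    body = msg.get_payload() if not msg.is_multipart() else ""
    sender = parseaddr(msg.get("From", ""))[1]
    flags = []
    if GENERIC_GREETING.search(body):
        flags.append("generic_greeting")
    if ASKS_FOR_SECRETS.search(body):
        flags.append("asks_for_secrets")
    if is_lookalike(sender.rpartition("@")[2]):
        flags.append("lookalike_sender")
    return flags

# Constructed sample messages (not real mail).
SUSPECT = ("From: Sam <sam@walmart567.example>\nSubject: Account notice\n\n"
           "Dear valued customer,\nPlease reply with your account number "
           "and password to keep your account open.\n")
LEGIT = ("From: Sam <sam@walmart.com>\nSubject: Your receipt\n\n"
         "Hello Jordan,\nYour receipt for order 1001 is attached.\n")
```

A message that raises any of these flags is a candidate for review by a person, not proof of phishing; the misspelling and unexpected-recall tips still depend on a trained reader.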
With phishing attacks surging this year, what can your tech team do to prevent a future attack?
IT security training is the answer.
The FBI's Internet Crime Complaint Center has provided a stat that should grab your attention:
“IC3’s 2020 report found that phishing, including vishing, SMiShing, and pharming, was the most prevalent threat in the US in 2020, with 241,342 victims. This was followed by non-payment/non-delivery (108,869 victims), extortion (76,741 victims), personal data breach (45,330 victims) and identity theft (43,330 victims).”—Expert Insights
The number 241,342 probably grabbed your attention, but you may be thinking that a software subscription will cover your cybersecurity needs. Although security applications do play an important role, you must deploy a two-prong approach to cyber awareness.
Training your employees to recognize a threat and report it should be the cornerstone of your cybersecurity plan. Pair an easy-to-use training program, including a regular refresher course, with any technology solution to prevent a cyber-attack.
Training may include an online course, information in your employee newsletter, updates and warnings on your Intranet, and team leader discussions.
Fight back with a human firewall.
There is no doubt that a human firewall is your first line of defense against any phishing attack. Your organization's human firewall must include your employees. Training your employees to notice the red flags of phishing and to alert your tech team should be a top priority.
At MainSpring, we offer a free evaluation of your human firewall. We have partnered with KnowBe4 to bring you an online assessment. Look at our Automated Security Awareness Program.
About the Author
Ray Steen is the Chief Financial Officer & Chief Strategy Officer for MainSpring and has been with the firm since 2014. With over 25 years of experience in strategy, consulting and communications, his expertise arms clients with the strategies, tools and resources to meet their mission. Ray is a proud dad and coach of 5 kids, a fantasy sports nut and bleeds for the Chicago Bears and Boston Celtics.