What do these three real e-mails have in common?
- Kohl's Winner - "Notifications - Re: 2nd attempt for Paul"
- WalmartStores - "Re: CONFIRMED: Paul you are selected"
- Lowe's Winner - "Congratulations Paul! You Are the Lucky Online Winner of a Brand-New Sweepstakes Dewalt Power Station Entry"
No, "Paul" isn't the luckiest person in the world but, as you might have guessed, the target of cybercriminals.
All three of the above are examples of real recent e-mail scams* that were sent to hundreds of thousands of e-mail addresses with the goal of getting unsuspecting "winners" to provide personal information. This includes things like asking for a Social Security number to "verify" your identity before sending you the award you won. Or getting banking information so they can send you your monetary prize.
Of course, they aren't doing either of those things but rather using that information to steal from your accounts, steal your identity or simply sell the data on the dark web to others who will find ways to use that information.
So, how does this affect your business?
According to Symantec Security Center (https://www.broadcom.com/support/security-center), the average employee receives a scam e-mail about twice a week. That means companies with just 10 employees would be targeted up to 1,040 times a year!
While your employees may be too smart to actually provide their Social Security or bank account information, did you know that just clicking on a link in an e-mail can open up their computer (and every other computer and network it's connected to) to a variety of risks?
At best, it could just let the sender know the link was clicked and that it's an active account, which will then often trigger more spam, and often make that account the target of more attacks.
At worst, simply clicking on a link could download a malicious file - like a virus, malware or spyware - that then compromises the entire network and could record logins and passwords and access client databases and bank accounts.
Or it could lead to a "scammy" website (often made to look legitimate) where your employee could enter confidential information inadvertently.
Obviously, none of these are good outcomes for your employee or your company. In 2020, attacks like this cost small businesses over $2.8 billion in damages, according to the US Small Business Administration, with costs of up to $653,587, according to Verizon.
The good news is that there are easy and free ways to protect your employees and your business from these scams, like properly training employees about cyberthreats, as well as inexpensive technical solutions like blocking known spam and prohibiting access to illegitimate websites.
While these protections are low in cost, NOT having these trainings and protections in place could be disastrous for your company.
To eliminate worrying about the 1,040+ bad e-mails your employees get and hoping that none of them will EVER click on a bad link, go on the offensive and make sure they never even get these e-mails in the first place, and even if they do, the sites are blocked if they click!
To see how to stop being a sitting duck and instead take control of your security, simply call us at 877-468-1230 or register for a FREE cybersecurity risk assessment and we'll walk you through your options.
*You can check the facts on these scams and get the details.