We’re all used to receiving dubious emails about obscure lottery wins, and thankfully, most of us are wise to the scams. But occasionally, these phishing emails slip through the net, and employees get caught out.
Scammers are using a range of tactics to try to capture payment and login details, and it’s up to you to ensure your employees know about the latest attacks. If you work in professional services, and you handle client data, you’ve got a responsibility to protect the security of that data as well as your own.
Types of Scams
Phishing scams have been used to dupe unwitting users for more than 20 years. The premise is simple: send people an email that looks legitimate, but embed a bogus link. When the user clicks through, they are tricked into entering their credit card information or login details, which are transmitted to the scammers and used to commit fraud.
Now, there’s a new type of scamming, called vishing – or ‘voice phishing – that involves telephone calls that sound legitimate. The scammer makes a call and poses as a member of staff at a bank, or a large IT company. They convince the user that there’s a problem with their account or computer, and tell them they have to provide their card details to proceed. Vishing has been in the media recently because large numbers of people have been conned out of money.
Businesses may also have noticed an increasing number of fake invoices and payment demands that are appearing in Inboxes and Spam folders. These emails are sent to trick new employees into paying non-existent clients. While most businesses will cross-reference payment demands with client accounts, a few of these bogus demands will inevitably slip through the net.
What You Can Do
In any organisation, the IT system needs to be robust enough to filter out threats. At Cloud4, we include free virus and spam filtering to capture as many dangerous emails as we can.
On top of the automated checks we offer, we recommend that you invest in staff training. You must educate your users so they recognise these scam attempts and act accordingly. Security training needs to be part of your induction program for all new employees, with a focus on front line staff that may be handling payments or login details in their role. Additionally, you should schedule refresher courses to communicate new scammer tactics as they arise.
Protecting Your Data
Scammers are looking for login details, passwords and access to your corporate network. A file on your computer could be a source of valuable information, or could unlock intellectual property that can be misused.
Keeping data safe is a joint effort between your business and its IT service providers. At Cloud4, we always do our bit to protect the valuable data assets your company depends on, ensuring your clients and employees are less likely to be hit by a phishing or vishing scam. Get in touch to find out more about the security and spam filters we provide.