Cyber security isn’t a new concept, but a surge in phishing and smishing (SMS-based phishing) attacks has raised concerns that businesses are so focused on security software and malware that they are ignoring the biggest vulnerability: human error.
Hackers and scammers have continued to refine their techniques to target employees specifically, particularly now that so many are working remotely and are not in an office environment where they can easily access colleague advice or resources. Indeed, a recent phishing report from KnowBe4 confirmed that over 25% of successful ‘bait clicks’ by victims were on email links that used the term ‘HR’ in the subject line.
To elaborate on this example, an email sent to your company email address with a link to approve an overdue payment, or warning of a purported security threat to the business bank account, is an easy way to scare someone into clicking the link quickly to solve the problem, only to transmit their data or login details, or even transfer money, to a fraudster.
Phishing attacks aimed at businesses reportedly grew by 65% last year, with nearly 200,000 attacks in just three months. Payment providers, banks and e-commerce companies were the most targeted.
How to Reduce Your Business Digital Risk
There are several online resources to educate yourself about cyber-security and phishing attacks.
Managers can introduce mandatory training exercises to ensure all staff members know how to recognise a fake email or text and won’t inadvertently download a virus or share online banking information with a scammer.
Businesses can also circulate examples of common scam techniques for the benefit of their customers. A recent example of this has been published by Wonga. The South African credit lender has shared a series of ‘real-world case studies’ to protect the interests of its customers and spread awareness of what these scams can look like in real-life scenarios.
Other safeguards include policies requiring all workers to update passwords regularly, installing more robust firewalls, or restricting pop-ups on workplace internet browsers.
Multi-layer authentication, such as using a fingerprint or email-based security code, can create a beneficial pause during a login process where an employee can verify the authenticity of the site, link, or payment button they are about to press.
However, awareness and understanding are fundamental and should be a priority for businesses concerned about the growing number of successful phishing scams, data breaches and cyber-attacks.
The Most Common Digital Attacks on South African Businesses
So, which are the scams that companies need to be most vigilant in detecting and reporting? CMS Law-Now looks at three ways that organised criminals commit fraud – often going undetected until it is too late.
1 – Money muling – the fraudster contacts the victim asking for help completing a financial transfer. This message could be empathetic, talk about an emergency medical bill, or use another strategy to encourage the target to respond. This method has increased by 97% in the last two years.
2 – Fake identities – a criminal can pretend to be somebody else, perhaps a director, financial manager or supervisor, and ask a colleague to click a link, share information or confirm a detail. They typically copy logos and contact information harvested online and can be extremely convincing.
3 – Forgeries – branded correspondence such as emails and text messages is doctored to impersonate a business or bank. Employees might follow a link to confirm they have made an authorised payment, or to reply to an attempted fraud alert, and land on a fake screen that looks identical to their normal online banking system, for example.
The more conscious businesses are of these potential threats, the easier it will be to spot them and avoid losing money, time, and valuable data to scammers.