The number of security issues and malware risks that your company must contend with continues to grow every year, but one of the most potentially devastating threats that your business faces is surprisingly low-tech in nature. Spoofed emails don’t rely on complex ransomware or sophisticated keystroke loggers. Instead, your company’s bank account and sensitive information are at risk simply by your employees attempting to perform their job duties. Training your team to spot spoofed emails is key to avoiding falling victim to common scams.
Examples of two common types of spoofed email scams played out in recent weeks. The first, an instance of the CEO fraud, involved an Internet criminal passing himself off as the head of a small Kansas construction company. The fraudster pretended to be the CEO of Cornejo & Sons and emailed the finance department of Sedgwick County to request $566,000 in payment. Because the county actually owed the construction company money for services rendered, they submitted payment as directed–only to later find out that the payment request hadn’t come from Cornejo & Sons and the construction company never received any funds.
A similar scam aimed at a Wyoming hospital system sought to obtain employees’ W2 forms. In this case, the Internet fraudster posed as an internal executive at Campbell County Health and requested the W2 files for all staff from the hospital group’s finance department. The finance department complied, exposing the hospital’s 1,300 employees to potential tax return fraud.
No longer completely confident that your employees won’t fall victim to one of these commonly spoofed e-mail scams? Luckily, there are steps that you can take to train your staff to spot a spoofed e-mail. Conducting training sessions to alert your employees to the existence of such scams is an important first step. Putting in place internal practices to verify the veracity of any request before responding will also help your employees understand how to deal with any potential scam emails that your business receives.
However, some employees don’t understand the real threat that accompanies spoofed emails until they have actually been the recipient of a fake request. For this reason, some businesses choose to initiate a simulated attack to reveal to their employees firsthand how easy it is to become the victim of a spoofed email. Some services exist that make it easy to carry out a pretend to attack. Some of these services such as PhishMe allow you to target the attack to match the real threat each of your employees is likely to face, such as an email sent to marketing asking them to provide their SharePoint credentials. Experts assert that it is fundamental to follow any simulated attack with further training as your employees will be particularly receptive to in-depth lessons on avoiding spoofed emails after falling for your staged attack.
Concerned that your employees might be vulnerable to spoofed emails? The security experts at Alary Clinitech can help you discover your business’ weak spots. Contact us today at (416) 291-7377 or firstname.lastname@example.org to learn more.
Contact us today at (416) 291-7377 or email@example.com to learn more.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.