What do these three real e-mails have in common?
- Kohl's Winner – "Notifications – Re: 2nd attempt for Paul"
- WalmartStores – "Re: CONFIRMED: Paul you are selected"
- Lowe's Winner – "Congratulations Paul! You Are The Lucky Online Winner Of A Brand-New Sweepstakes Dewalt Power Station Entry"
No, "Paul" is not the luckiest guy in the world, but, as you guessed, he's the target of cybercriminals.
All three of the above are examples of real recent e-mail scams* that were sent to nearly a million e-mail addresses to get unsuspecting "winners" to provide personal information. In order to claim the prize, the winner needed to provide their Social Security number to "verify" their identity. Then the winner needs to provide banking information so the scammers can send the cash prize.
Of course, they aren't verifying your identity, nor are they sending the cash prize directly to your bank account, but rather using that information to steal from your account, steal your identity or simply sell the data on the dark web to others who will find other creative ways to use that information.
So, how does this affect your business?
According to Symantec Security Center aka Norton (https://www.broadcom.com/support/security-center), the average employee receives a scam e-mail about twice a week. That means companies with just 10 employees would be targeted up to 1,040 times a year!
While your employees are too smart actually to provide their Social Security or bank account information, did you know that just clicking on a link in an e-mail can open up their computer (and every other computer and network it's connected to) to a variety of risks?
At best, it could just let the sender know the link was clicked and that it's an active account, which will then often trigger more spam, and often make that account the target of more attacks.
At worst, simply clicking on a link could download a malicious file – like a virus, malware or spyware – that then compromises the entire network and allows the bad guys to record logins, passwords and may give access to client databases and bank accounts.
Or it could lead to a "scammy" website (a website made to look legitimate) where your employee could enter confidential information inadvertently.
Obviously, none of these are good outcomes for your staff or your company. In 2020, attacks like this cost small businesses over $2.8 billion in damages, according to the US Small Business Administration, with costs of up to $653,587, according to Verizon.
The good news is that there are easy and free ways to protect your employees and your business from these scams, like properly training employees about cyber threats, as well as inexpensive technical solutions like blocking known spam and prohibiting access to illegitimate websites. Or the simplest, a free weekly cyber tip that keeps cyber security top of the mind. https://www.10dtech.com/cyber-security-tip-of-the-week/
While these protections are low in cost, NOT having these pieces of training and protections in place could be disastrous for your company.
To eliminate worrying about the 1,040+ bad e-mails your employees get and hoping that none of them will EVER click on a bad link, go on the offensive and make sure they never even get these e-mails in the first place, and even if they do, the sites are blocked if they click!
To see how to stop being a sitting duck and instead take control of your security, simply call us at 541-243-4103 or go to www.10dtech.com/discoverycall to set up a quick call, and we'll walk you through your options.
*You can check the facts on these scams and get the details.
-For the one from "Kohl's Winner," go to https://www.youtube.com/watch?v=Hu-c_E8tkD0;
-For "WalmartStores, go to https://corporate.walmart.com/privacy-security/fraud-alerts/;
-For "Lowe's Winner," go to https://bestlifeonline.com/lowes-air-conditioning-message-scam-news/
Also visit: https://www.sba.gov/blog/protect-your-small-business-cybersecurity-attacks https://www.verizon.com/business/resources/reports/dbir/2021/smb-data-breaches-deep-dive/
