Phishing & Cybersecurity In Orange County
We are in unprecedented times. Before the coronavirus pandemic, the economy was thriving. But even then companies in Orange County as well as throughout the nation and the world, for that matter, have had to protect themselves against cybercrime. Phishing schemes, among other cybercrimes, were the highest in 2019 (since the FBI’s Internet Crime Complaint Center (IC3) was established) in terms of:
- The number of complaints filed (with California receiving the highest number of complaints out of all states); and
- The reported losses in dollars.
According to the IC3, there were 467,361 complaints filed in 2019, and $3.5 billion were recorded in losses to both individuals and businesses. Phishing was the highest culprit, second to other cybercrimes, like non-payment and non-delivery scams and extortion.
According to Donna Gregory, the chief of IC3,
“Criminals are getting so sophisticated… It is getting harder and harder for victims to spot the red flags and tell real from fake.”
Now, during the coronavirus (COVID-19) pandemic, the FBI has reported that cybercrime has tripled or quadrupled. Much of the increase is related to COVID scams, but not all.
With billions of dollars at stake, cybercrime is a real threat. As scammers become more and more advanced in their methods and capabilities, more businesses will fall victim. Here’s what you need to know about one of the most common forms of cybercrime: phishing.
What is Phishing?
Phishing is a fraud activity committed when a person sends emails pretending to be a reputable company or another entity with the goal of tricking the recipients to reveal:
- personal information;
- financial information, like bank information and credit card numbers; and
- Passwords.
Phishing is a serious crime, and a study conducted by the University of Maryland suggests that a phishing attack occurs approximately every 39 seconds in the United States. That means into over 156 million phishing emails are created on a daily basis––consider that number and then consider:
- 156 million is just under half of all people in the United States, so statistically one out of 2 to 3 people in the United States could become the victim of a phishing scheme on a daily basis; and
- 156 million is ten times more than the number of businesses in the United States, so on a daily basis, statistically speaking, each business is the victim of a phishing-scheme attempt.
Those kinds of numbers and statistics testify to the security risks that businesses in California face. They also testify to the importance of protecting yourself because the consequences can be dire.
What are the Consequences of Phishing?
When your business is the victim of successful phishing, it puts your company at risk. What’s more: the probability that phishing messages succeed is one out of ten! And those successful phishing scams have serious consequences, and the first and most essential is the consequence of financial losses.
Phishing in the business world is also referred to as business email compromise, and the IC3 reported that in 2019, there were “23,775 complaints about BEC, which resulted in more than $1.7 billion in losses.” This is specific to businesses and not individuals. That is a lot in the way of unnecessary losses.
But financial losses aren’t the only consequences. The loss of reputation and trust are other consequences, which arguably lead to additional financial losses. When your data has been compromised, chances are information relating or belonging to your customers or clients has also been compromised. Clients and customers put their faith into companies with their personal and financial information, expecting it to be safe and secure in its trust.
When that data is targeted and stolen, clients and/or customers won’t be back until they feel safe again. That translates into a damaged reputation and can, on the one hand, force a company to put more finances into damage control, and on the other hand, deal from the financial losses directly associated with the phishing scheme and the loss of any clients or customers.
Other CyberCrimes Similar to Phishing
Email is still the most common means for scammers to get to you, but now they are also using text messages and fake websites. The first is known as smishing and the second is referred to as pharming. As technology advances, so will the abilities of cybercriminals. You need to understand how to spot and avoid them.
How Do You Avoid the Consequences of Phishing?
Knowing how to avoid phishing is the best way to avoid the consequences of a successful scam. Here’s what you need to do.
- Understand why we (employees and others in the business industry) fall for phishing scams. The most common reasons your employees or even you may fall for a phishing scam are these:
- Greed––the email looks too enticing not to open to see what it entails, but remember: if it sounds too good to be true, it probably is
- Complacency––you think you are too smart for a scammer, but the reality is this: scammers are very smart and maybe even smarter than you;
- Curiosity––as with greed, the email just looks interesting and so you want to find out more, but you should probably stick to an old piece of advice: if you don’t know who sent it or if you weren’t expecting it, you probably shouldn’t open it (without learning more first at least);
- Desire to please––a message may look important given its very realistic appearance and it may be asking you do something, so you naturally want to help out by clicking on a link, but don’t: your niceness can lead to a lot of trouble;
- Fear––the email may say something ominous and out of that fear, you want to know more, but in these circumstances, it is best to play it safe; and
- Urgency––the email may require an urgent response but take a second to look more clearly at who sent it, including the email address, because that extra second may save your company a few dollars.
- Know what to look for in a phishing scam. Some of the common things to identify an email as a scam include:
- Spelling errors
- Grammatical mistakes
- Request for payment, wire transfer, or gift card purchase
- Unknown sender address
- Unsolicited messages, especially those with attachments, links, and login pages.
- Keep abreast of the latest scams. The IC3 reported that in 2019, there has been an increase in BEC complaints involving payroll funds. Now, in 2020, many complaints refer to the coronavirus pandemic.
- If you see something fishy, then say something to your boss, human resources, or tech department, etc. Get the word out and prevent a successful scam before it starts.
No comment