2021 witnessed the occurrence of a cyberattack every 11 seconds, setting a record for cybercriminal activity. Unfortunately, 2022 is on track to report similar numbers.
We don’t share this news lightly or with the intent to alarm you. We want to ensure that you have the knowledge and resources to mitigate cybersecurity risks and keep your business safe.
Cybercriminals often set their sights on busy organizations in the hopes that distracted employees will fall victim to their scams. To make sure this doesn’t happen to your team, LeadVenture encourages your business to habitually practice these three steps: Stop. Look. Think. Take an extra moment or two to critically analyze every incoming email before interacting with its contents.
We’re sharing five examples of popular email cyberattack strategies, along with our recommendations to circumvent these attacks:
Claims of Membership Activity or Winning a Contest
If you receive an email that claims activity has taken place with one of your memberships or that you won a contest or auction, proceed with caution – especially if this email is unexpected. Even if an email appears legitimate and innocent at first glance, it could contain malicious links. It could also be a veiled attempt to convince you to divulge private company information.
Before interacting with the email, ask yourself these questions: Does this email reflect a credible membership, such as your Amazon account or online bank? Does this organization typically send you emails? Did you actually enter a contest or auction? If the answer is no, the email is probably fake.
You can verify the legitimacy of the email in other ways, such as visiting the organization’s website from Google (NEVER click a website link from the email itself). If you have a membership account, log in to determine if any activity has taken place.
Out-of-the-Ordinary Emails from a Coworker
Expert cybercriminals are good at impersonating just about anyone, including members of your team. This could look like an email from your manager asking you to send them a company password or make a large purchase with the company card.
If an email ever strikes you as abnormal in any way (for example, the request is out of character or has nothing to do with your job role), don’t respond. Reach out to the individual in person or by phone to verify the request.
Business Email Compromise (BEC)
BEC means a cybercriminal has contacted you by impersonating a business, such as a vendor or bank. Their objective is to gain access to important information. BEC commonly targets sales and financial departments, but anyone could receive a BEC email.
Double-check any email from another organization, even if it claims to be from someone you regularly do business with. Before interacting with the email, directly contact the company to verify their identity and request proof of employment. If you suspect it’s a cyberattack, follow your company protocol to report the email to IT.
“Free” Offers to Stream Content
Streaming a show, movie or video for free is usually too good to be true, and any email claiming to offer free streaming services should be treated with suspicion. Last year, a lot of cyberattack emails included an invitation to freely stream new movies, but the link would direct users to a fake platform that extorted their personal and payment information.
To keep your information safe, avoid any emails offering a free pass on paid subscriptions. This also applies to social ads and website popups. Visit the official website directly instead of clicking on the email or ad, and only stream content on credible sites.
Create a Company Plan to Avoid Cyberattacks
Keeping your business safe from cyberattacks is a team effort – it only takes one person to allow cybercriminals access to important information. Creating a company-wide plan will help employees stay on the same page and identify any suspicious emails before it’s too late.
Every company cybersecurity strategy should center on awareness. Ask the basic questions whenever you’re faced with a potential cyber threat: Is this email out of the ordinary? Is it irrelevant to your department? Are you unable to verify the email through your membership account or the organization’s official website or customer service? If the answer is “yes,” report the email straightaway.
Even on your busiest days, look closely at every incoming email and walk yourself through the three cybersecurity steps: Stop. Look. Think. It’s better to be safe than to be scammed.
Do you have concerns about your business’ cybersecurity? Please feel free to contact the LeadVenture team.