The average office worker sends and receives around 121 emails every day.
While that sounds like a lot, what’s more shocking is that 3 billion phishing emails are sent each day. They account for 1% of all email traffic.
What’s a phishing email? It’s an email sent by cyber criminals that pretends to be from a trusted source, such as your bank, Amazon, or a delivery company.
They’re trying to get you to click on a bad link. Maybe so they can install malware (malicious software) on your computer. Or to fool you into trying to log into a fake website; accidentally giving away your login details.
Your team will probably each receive several phishing emails every week. So, it’s really important they know the warning signs to look out for.
New research has revealed that PayPal was the most spoofed business in all financial phishing emails in 2021, accounting for 37.8% of attacks. Mastercard and American Express followed behind, with 12.2% and 10% share of attacks.
It’s because PayPal is so widely used – it has 392 million active accounts right now – that criminals pretend to be the online payments giant.
With a quick look, a typical phishing email really looks like it has come from the real business.
It will ask the recipient to update their details, or check for unauthorized activity. The worry that someone may have breached their account can cause people to let hackers in. Ironic, isn’t it?
Phishing is bad for anyone personally. But if hackers get into any business account, the resulting data breach can be devastating.
It’s absolutely vital that you educate all your people on the warning signs to look out for.
First, always check the link you’re being asked to click. Hover your mouse over the link and look at the URL. Does it look suspicious? Is the business name spelt correctly?
Check the address the email has been sent from. Does it look like a standard email address from the business? Or does it seem a little strange?
Look closely at the content of the email too. Emails from scammers will likely contain grammatical mistakes. They might not address you by name, and the layout may look slightly different to a genuine email from that company.
Trust your gut feel. You might feel it’s not quite right but be unable to say why. Don’t ignore that nagging feeling.
If you’re ever unsure, go to your browser and type in the real website address, then log into your account that way.
How protected do you think your business is? Are you certain all members of your team would spot a scam before clicking a link?
We’d love to help you review your data security and cyber-crime awareness training. Get in touch.