We would all like to think that we could never be fooled by an email scammer, but these scammers are as sophisticated as they’ve ever been, and the scams are netting sensitive data in volume. We’d also like to think that our internal data is safe, but as many as 62% of employees report having access to data they shouldn’t. Here are a few of the ways scammers try to gain access to your data, and what you can do to avoid them.
Convincing Email Phishing
Everyone has heard of the low-sophistication letters from foreign princes in search of a temporary home for their fortunes, but most people underestimate how far these scams have come. Many scammers can send decent dupes that look like normal emails from colleagues or friends, asking for sensitive information in language that passes the “uncanny valley” test. These emails are also often highly targeted toward certain people within an organization, and written in such a way that they might reply without a second thought.
In 2016, a scammer posed as Snapchat CEO Evan Spiegel and convinced an employee to reveal sensitive employee data. It took four hours—almost a lifetime in the cybersecurity world—for Snapchat to recognize the hack. To ensure something like this never happened again, the company beefed up security protocols and employee cybersecurity training.
The most important thing to remember when opening or replying to emails is to always remain skeptical of any sender who is requesting sensitive or private information. If you’re doubtful, make a quick phone call or send a text and double-check. If it’s a bogus email, immediately report it to your IT department so they can be aware and look for fixes.
Beware of Links and Attachments
This is where it really starts to get tricky, as colleagues regularly share documents and links, and it may seem counterproductive to apply the same skepticism to these emails. But any unexpected document sent without prior planning should be examined closely.
Last year, several people fell victim to the Google Doc scam when a seemingly innocuous link was sent to emails everywhere. Scammers were able to gain control of emails and lock people out. Take a moment and think about how many other accounts you have that send password reset instructions to your email. One click can compromise you in ways that are unimaginable.
To protect your employees, this is where it really pays off to have a naming convention for internal files so employees can tell at a glance whether a file is legitimate. The same goes for link sharing, such as knowing to never click on a link that isn’t pasted in full in the email, and to never click on a link in an email you weren’t anticipating.
Personal Emails at Work
Email scammers can sometimes use the personal emails of your friends and colleagues as a means to access work data, and you might not think twice about a college buddy or your mom sending you a link to something funny on the internet. But these emails frequently trick users by appealing to emotions, the most convincing among them gaining access to private information by claiming to be protecting it.
The easiest rule to apply in this situation is, of course, to leave work emails at work and never open anything from home while at work. Again, these should not only be deleted but reported to IT if you think you’ve received one or were convinced to click on a link in the email.
Access Through Personal Devices
Employees are using their personal electronics to do work now more than ever, and IT departments need to be most aware of the ways in which each of these devices is vulnerable. But the most vulnerable device is the human mind, and these scammers can use apps like GIF keyboards and other innocuous applications to gain access to private data.
One effective workaround for this is to require employees to access their internal data through a virtual private network (VPN) app in order to ensure the security of their private information. What matters is ensuring that employees cannot directly access internal data, especially on unsecured networks through personal devices.
Remind your employees that they’re vulnerable to these kinds of scams early and often, as no spam filter works as effectively as a keen set of human eyes and sharp reasoning skills. When in doubt, there’s nothing wrong with giving someone a call or text to make sure they’re intending to send documents. And if you get fooled, don’t be embarrassed — these emails are meant to be confusing — just report them to your IT department as soon as possible.
This post was brought to you by IBM Global Technology Services.