Scam emails, otherwise known as phishing, have been a constant nearly since email was invented.
Only today, they’ve gone way beyond a poorly spelled wire transfer request from a “Prince” to emails that look identical to those you receive from companies like Amazon or Apple.
88% of organizations reported receiving phishing attempts in 2019.
Phishing can be a major problem for a business and its cybersecurity. It’s the main delivery method for malware, gift card scams, and data breach attacks. Cyber attackers have continued to rely on phishing because it’s cheap and effective.
Ways That Phishing Can Cost You
Phishing is responsible for over 80% of reported IT security incidents, which means avoiding falling prey to phishing attacks should be a top priority of any cybersecurity and business continuity plan.
There are countless ploys that scammers use when it comes to phishing, here are just a handful of examples:
- Email pretending to be a customer PO
- Fake order/shipping email from Amazon
- Email that spoofs a vendor’s email address asking to change their payment details
- Fake Microsoft file sharing email that asks the user to login to a spoofed form
- Email purporting to require an account update “before an account is deleted.”
Here are some of the ways that phishing attempts can harm your business.
Ransomware is one of the costliest forms of malware and it’s often delivered through a phishing email. As soon as the ransomware infects one device it seeks out others on the network to infect, taking down an entire office.
Ransomware encrypts files, making them unusable. A ransom is demanded, usually in bitcoin, for the hacker to provide a decryption key.
The average cost of a ransomware incident is:
- $732,520 if the ransom is not paid
- $1,448,458 if the ransom is paid
Lost Productivity Costs
Just going through additional emails and taking time to ask someone, “Does this email look legitimate?” can eat up a significant amount of productivity over the course of a year.
Employees spend time sifting through phishing emails to get to legitimate ones as well as trying to identify whether an email is real or a fake.
Other productivity losses can come in the aftermath of a virus or malware infection due to a successful phishing attack, as everyone is redirected to trying to put out the immediate security fire.
Productivity losses for a U.S. business due to phishing scams are estimated to be $1,819,923.
Loss of Reputation
Another way that a company can be harmed by a phishing attack is if the attacker spoofs their domain and then sends phishing emails purporting to be from them to their customers.
Even if the email didn’t come from your company, a customer can still blame you for an attack that costs them money and decide your business is too risky to work with.
One way to help prevent email spoofing is to use email authentication on your mail server and recommend your customers do the same.
Data Breach Costs
The average cost of a data breach for a small business in Chicago or the rest of the country is approximately $2.65 million or $3,533 per employee. A breach of your sensitive data or that of your customers can have long term consequences in addition to high costs.
Malware that is used for data breaches can easily be delivered via a phishing email with a link to a malicious website that does an instant download onto an unsuspecting employee’s computer as soon as the page loads.
Can Result in Direct Monetary Loss (Gift Card & Wire Scams)
Two types of phishing attempts that can result in direct monetary losses are gift card scams and wire scams.
In the gift card scam, an employee is typically sent an email purporting to be from a supervisor asking them to urgently purchase gift cards and promising reimbursement.
One of the most common wire scams is when someone pretends to want to purchase products, but says they want to use their own shipping company. The order is usually a large one, making shipping at least $1,000 or more. They’ll ask you to pay their “shipping company” from their payment to you, which is actually a fake. It may look like it’s been sent at first and then get rejected by your bank within a day, but by then it may be too late.
Tips for Protecting Your Business from Phishing Scams
Here are some of the best practices when it comes to protecting your business from phishing attempts:
- Train employees regularly on cybersecurity awareness
- Use an anti-spam/anti-phishing email filter
- Use web protection to block malicious websites
- Keep all devices updated in a timely manner
- Ensure all devices have a solid antivirus/anti-malware application
- Use a firewall on your office network
Get Your Tailored Cybersecurity Support Plan from ProdigyTeks
Is your business properly protected from losses due to phishing attempts? We can help you put proper safeguards in place and tailor a cybersecurity plan specifically for your needs.
Schedule a free phone consultation today! Call 312-600-8357 or reach us online.