PKF North America News


Could Your Employees Identify and Stop a Phishing Attempt? by Brandon Bowers

2024-07-25


The post Could Your Employees Identify and Stop a Phishing Attempt? by Brandon Bowers appeared first on Berkowitz Pollack Brant Advisors + CPAs.

Businesses and their employees are constantly bombarded by a rising threat of email and text scams that have resulted in millions of dollars in security breaches, lost data, stolen money, interruption to normal business operations and longer-term reputational damage. While businesses should bolster their defenses with a range of cybersecurity hardware and software solutions, they cannot afford to ignore their employees’ role in protecting the organization on a day-to-day basis.

According to Verizon’s 2024 Data Breach Investigations Report (DBIR), 73 percent of all cybersecurity incidents in 2023 resulted from phishing and pretexting attacks, in which victims receive messages that appear to come from someone they know. Criminals exploit that trust and rely on other social engineering methods to dupe victims into sharing their credentials or downloading malware or ransomware that holds the organization’s data hostage. According to the report, more than two-thirds of breaches involved a human element, and it took an average of just 60 seconds for victims to fall for the scam and share credentials or click on a malicious link. This tells us that businesses must commit to better training their employees to recognize the signs of phishing attempts and to take precautions before acting on something that could cause irreparable damage to themselves and their employers.

Following are some tell-tale signs that an email or text message may be a phishing attempt, which your employees should flag and report to your IT or cybersecurity team.

  • The subject line does not match the content of the message.
  • The message uses generic terms, like “user” or “customer,” to address you rather than your name.
  • It includes poor grammar and spelling, and the tone does not reflect what you are accustomed to receiving from that individual or company.
  • It requests you provide sensitive information (such as your Social Security number, login credentials or bank account details), or it includes a link you were not expecting or an attachment with a file extension you do not recognize.
  • It includes scare tactics or threatening language urging you to take immediate action, such as clicking on a link to keep your account “safe” or “active” or to “ensure delivery” or “avoid penalties or prosecution.”

Additionally, remind your employees to slow down when reacting to requests they receive via email and text. Scammers commonly use scare tactics and create lookalike URLs and fake email addresses to trick their victims into taking their bait.

  • Carefully check the spelling of the hyperlink and hover your mouse over the link to ensure the “link to” address is the correct company domain. If you are unsure, open a new browser tab and look up the company’s correct domain.
  • Hover your mouse over the sender’s email address to confirm that the corporate domain is valid and the sender is not using a personal Gmail or iCloud account.
  • When you receive an unusual request from someone you know and trust, pick up the phone and call them directly to confirm the validity of the email.

Navigating the evolving and high-stakes world of cyber threats can be challenging. However, with proper education and mandatory training for all your employees, you can reduce the risks of your organization falling victim to these damaging attacks.

About the Author: Brandon Bowers is director of Managed Cyber Security Solutions with Berkowitz Pollack Brant Advisors + CPAs, where he provides businesses, professional services firms and family offices with business continuity and recovery, cybersecurity and fully outsourced help desk services. He can be reached at the CPA firm’s Ft. Lauderdale, Fla., office at (954) 712-7000 or info@bpbcpa.com.

 
