International Fraud Awareness Week: how security awareness can prevent fraud before it happens
Fraud and cyber crime
International Fraud Awareness Week is a great opportunity to get people talking about fraud. Fraud, also known as social engineering, is becoming an increasingly popular method for cyber criminals; the ‘Protecting consumers from online scams publication 2021’ found that, for 63% of fraud incidents, there had been no contact between the victim and the offender. The same report stated that the most common methods of contact were online or by email (14%) and telephone (11%), signifying cyber criminals' adoption of these communication methods.
Hiding behind the social barriers of the digital world enables cyber criminals to mimic well-known brands and target potential victims on a large scale, which increases the need for security awareness. These criminals seem to be targeting the masses, regardless of the size of your organisation, and if sensitive data is exposed, recovery following the breach can be tricky. Security awareness is also vital in knowing what steps to follow for a successful recovery.
Common types of online scams
At a glance, here are some of the most common attack methods that we are seeing today:
Phishing is a type of cyber threat that uses emails or social media messages, accompanied by social engineering techniques, to trick the target into sharing sensitive information or transferring funds.
Spear phishing is similar to phishing, with the difference that it is targeted at a specific individual or department within an organisation and mimics a source that the organisation trusts.
Baiting is similar to phishing, but the goal of the attack is to get the target to download an attachment that contains malware.
Ransomware can be a follow-on from baiting. Once the target has downloaded the malware to their device, the attackers may use it to lock the user out of their network until a “ransom” is paid.
Copycat websites are increasing alongside phishing attacks. An email or a message in a messaging app directs the target to a fake site that imitates a genuine one, where they are urged to enter their personal information.
What to do following the breach
Notify the correct people
Depending on the type of breach that you or your company have encountered, the procedures that follow will vary. For instance, if you are a UK organisation and have experienced a data breach, you will be expected to notify the ICO, who can advise you on the next steps. In addition to following the correct legal procedures, you should also notify managers and your employees. It is also recommended to notify your customers to keep communication open and honest, so that they hear about the breach directly from you.
Evaluate the severity of the breach
As well as using the advice from the trusted authorities that you have notified, it is wise to assess the breach in as much detail as possible, both to resolve it and to prevent it happening again. By determining how the attack was initiated, you may be able to pinpoint exactly how the breach occurred, who may be affected, and what exactly the attacker has access to or attempted to target. It would also be worth investing in a third-party expert to ensure that you have the best possible protection for your next steps following the breach.
Educate your employees with the correct security awareness training
The best thing to do is prevent fraud before it happens, which can only be done with the right awareness around security. With employees at the forefront of external communications, it is vital to be certain that they understand the cyber threats that are out there, including how to identify them.
Phish your users
Our cybersecurity experts can put you on the path to having full confidence in the security awareness of your employees, with a solution that enables you to train, test and measure the results of the training, all on one platform.