According to recent numbers from Cybersecurity firm Proofpoint, there has been a 4,671% increase in gift card related email scams this year. These fraudulent emails have even caught the FBI’s eye and they peg losses to small businesses and customers at $1,021,919 since January of 2017.
Small Business Trends contacted Rob Holmes, VP of email security at Proofpoint, for his take on 6 ways to keep your company and employees cyber secure this holiday season.
We started by asking him what these scams were all about.
“Cybercriminals are sending unsuspecting victims customized business email compromise (BEC) emails that attempt to lure them into purchasing gift cards for business or personal reasons,” he wrote in an email. “While we cannot attribute these attacks to a particular individual or group, this activity underscores the ongoing shift in the threat landscape, with cybercriminals continually finding new ways to manipulate people rather than target infrastructure.”
Holiday Season Cybersecurity Tips
Here’s how to protect your small business and employees.
Spot Fake Display Names
Holmes reports the scammers have learned to impersonate executives or managers and lure employees into purchasing gift cards under false pretenses. They often use a Gmail account and phoney display name to match an individual’s name. Once gift cards have been purchased this way, they’re used for illegitimate purposes.
Checking the email address in the footer will help you to spot these fakes. Most of the ones that are scams won’t look legitimate.
Adopt A Policy
It doesn’t matter whether you’re a sole proprietor or a business with 50 employees, cyber criminals are targeting you. If you’re a smaller business, you might not have controls, processes and policies in place. Taking the time to fashion a policy for employees to read and memorize about what to look for can save you trouble in the long run.
The Small Business Administration stresses your policy should include social media best practices.
Designate an Employee
“Smaller businesses are targeted because they don’t have designated employee engagement positions, which often handle bulk gift card purchases,” Holmes writes. “This increases the pool of potential small business victims because anyone could legitimately be asked to purchase a gift card.”
Including one of these positions in your holiday staff budget can head off any potential issues. Make sure whoever you hire understands important aspects like good password management.
Focus on Certain Employees
Although these criminals often mimic managers and CEOs, they tend to target specific people within small businesses. Quite often they are not the people you would expect and the victims aren’t always the owner of a company. Holmes tells us these cyber crooks quite often go after an entry-level employee and those who have access to important information like financial and employee data.
Keeping your virus software up to date is another excellent way to catch these crooks before they find a way in. Picking a secure web browser is a great practice too.
Know Your Vulnerability by Industry
Holmes tells us that while every industry can get targeted by these scammers, there are a few that are on the cybercriminal’s radar more than others. Those are small businesses in retail, automotive, manufacturing, entertainment/media, and financial services.
Teaching everyone to password protect their devices and not leave them unattended is another way to stay safe even if you’re in a vulnerable industry like the ones above.
Take A Broad Approach
“The most important aspect of securing an organization of any size is to prioritize stopping cyberattacks before they reach their intended victims across every communication channel that employees use, including email, social media, mobile apps, and cloud applications,” Holmes writes. “Small businesses need an email security solution that can dynamically identify email fraud attacks as many do not include malware and bypass legacy security technology.”
You can see the kind of comprehensive solutions his company offers small businesses here.
He also says a technology moat is only part of a complete solution.
“Organizations should educate their employees to understand the value of the information they process and how to identify and report email fraud attempts. This people-centric approach to cybersecurity is necessary for small businesses to protect how people work today.”
Photo via Shutterstock