ArcLight Group can help your employees avoid phishing scams


How to help employees avoid phishing scams

Hello. My name is Brian Largent, I’m with the ArcLight Group in Tulsa, Oklahoma. Today, I’m going to be talking about phishing scams. The first thing you need to know about phishing scams is when someone falls for it, it is a self-inflicted wound. In other words, a phishing scam on its own, coming into your inbox in Outlook, or however you receive it, is not going to do harm to your organization. Only when someone actually falls for the scam does it do harm. So let’s dive into it.

So we’ve all heard of the Nigerian prince scam. It’s been around for a very long time, inundating our inboxes for years. It’s still going around, evidenced by the man who was arrested in Louisiana in December of 2017 for being a middleman in a Nigerian prince scam that milked people out of thousands of dollars. What you may not know is that the Nigerian prince scam was originally called the Spanish prisoner scam. Same basic premise, except that it goes back to the year 1588. In other words, it’s been around for hundreds of years and people have continued to fall for it.

There are much more modern scams out there that are very hard to identify without proper training. So what do you do to protect your organization? You can do nothing. You can rely on technology solutions, content filtering, anti-malware, anti-spyware, spam filtering, but what’s going to happen is an email is going to get through to your employee at some point in time. And when it does, you’re going to rely on your employee’s knowledge to determine if that’s a legitimate email or not.

You can train your employees with death by PowerPoint. In other words, you get all your employees in a room with some coffee and donuts, and you just sit down and you talk about the latest scams, what to look for, what to try to avoid, and you hope that it is all retained. Or maybe you send out periodic training videos to your staff. Hopefully they watch them. Maybe you can find a way to mandate that they have to watch them, but if they’re paying attention and retaining, there’s no way for you to know. You can also perform periodic phishing tests for specific employees, like high-risk employees, CFOs, accounting, finance people, your IT staff. And that’s a good thing to do, but that’s only specific employees. Lastly, you can create a human firewall by teaching all your employees through ongoing training and phishing testing. That’s what we recommend.

So how can we help your organization?

Well, we follow the train, phish, analyze technique. In other words, we perform baseline testing, then we train your users, then we phish your users, and then we see the results and adjust. Does it work? On average, 27% of the initial people tested will fall for some form of a scam. After 12 months, that number drops to 2.17%.

So what happens when an employee does click one of our phishing links? It gives them an immediate notification of what they fell for, how they fell for it, and how to prevent falling for it in the future, as well as being able to send them to remedial training immediately.

What do our phishing email tests look like? They look like legitimate emails. That’s the goal, to get your employees to fall for an email that looks legitimate, but there are telltale signs it’s a phishing email. Then we teach them how to find those signs. Knowing the signs of a scam email is important, but knowing that your organization is performing periodic testing is going to keep your employees ever vigilant.

If you have any questions or concerns or would like to learn how we can help your organization fight scam emails, contact us today.

Brian Largent
