New research shows 25% of users falling victim to impersonation fraud were so ashamed they chose not to report it. Even worse, many don’t know how to spot the scam.
One of the simplest and effective social engineering tactics is to impersonate someone the recipient is familiar with. It lowers their defenses and allows the scammer to persuade the recipient to engage in some form of malicious action – be it to open an attachment, click a link, email confidential information, or take action that benefits the scammer.
And it seems, according to new data from UK-based Lloyds Bank, corporate users are falling for it. Emails from senders posing as suppliers and/or an employee’s boss are being used to fool users into becoming a victim.
So, why are users to ashamed to report falling for email scams? Consider the Lloyd’s Bank data:
- 58% of users have received business scam-related emails
- 1 in 10 millennial users have fallen victim or know someone who has
- More than 1/3 of users don’t know how to spot a fraudulent email
It’s that last statistic that is the smoking gun – users aren’t sure what to look for. So, when left to their own devices, they fail and feel responsible.
But organizations can do something to empower users to be able to identify scams – whether email, web, or even phone-based – and stop them before they do any harm. By using new-school security awareness training, organizations educate users on what to look for and common tactics used in scams, as well as elevate the user’s level of security-mindedness. This lowers an organization’s risk of becoming a victim of fraud, ransomware, or data theft.
We strongly recommend to phish your own users to prevent these types of very expensive snafus. If you're wondering how many people in your organization are susceptible to phishing, here is a free phishing security test (PST):