Most of us feel we can spot a scam when we see one. Years of receiving emails from foreign princes and pop-ups claiming we’re the “lucky one-millionth visitor” have given most of us a good idea when something looks fishy.
But the truth is one in three employees will fall for a phishing scam unless adequately trained. This is because phishing scams have evolved to become emotionally and behaviorally manipulative, with scammers now savvy enough to know how to bypass your initial skepticism. A lot of phishing attempts now use text messages, with the “CEO scam” being one of the most prevalent.
Below, we’ll explain what this sort of scam looks like and how best to protect your employees and business from such exploits.
An Example: The CEO Text Scam
Suppose it’s your lunch hour, and you’re sitting in the nearby coffee shop. You’re about to take a sip of your cappuccino when your phone vibrates with a new email or text. It’s your boss. THE boss. Not just your office manager but the CEO themselves. They’ve got your number from your manager, and they need your help — urgently! They’re stuck talking to a board of executives and have completely forgotten to organize some bonus gifts for employees or customers. They explain that they need you to buy several expensive gift cards and (discreetly) text them back photos of the front and back so they can deliver the gifts today. It would be a big help to the company and to the CEO personally.
While this might seem like an obvious scam, research from KnowBe4 shows that over 30% of employees will fall for it. Without proper training and pressured by a desire to help out their employer, people simply overlook the red flags.
In this case, the employee texts back the gift card information only to find out later that nobody from the company had made contact with them. Other scams may request payments, get you to click a link, or simply ask you to hand over sensitive information.
Spotting A Text Scam
While scam texts and emails are getting increasingly difficult to spot, there are some tell-tale signs that you should look out for:
- Authority and power: scam texts can appear more genuine if they appear to be from our boss, a government office, local authorities, or some other form of authority. This makes us second-guess ourselves and consider the consequences of ignoring the message.
- Urgent tone: the message will also express the urgency of the request. The sender will ask you to complete the task by a certain time, so you don’t stop and think about things. They do this by implying negative consequences (such as being bad for your career in the CEO scam) or fines.
- Elicits strong emotion: phishing attempts will also try and make you feel a sense of fear, hope, or panic. For example, in the CEO scam, you may start feeling excited that you are helping out the CEO themselves and envision the career benefits this will bring.
- Time of year: text scams will also leverage certain times of year to bypass our skepticism and cause us to rush into acting. The CEO phishing scam, for example, is often attempted around the Holidays when bonuses are commonplace. Scams involving fines and handing over personal information could occur around tax return season.
- Shortened URLs: scam links will almost always be shortened. This will be so you can’t really tell what website you’re visiting before you click it. Once clicked, this can take you to a spoof website or even download malware to your device.
- Unusual phone number or email address: If the sender’s phone number looks unusually long or short or the email address doesn’t look quite right, the message is likely a scam.
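The signs above can also be turned into a first-pass check for messages that employees report. The following is an added example, not part of the original article; the keyword lists, the shortener domains, the 10 to 15 digit range for a normal phone number and the two-sign threshold are all assumptions to tune for your own organization.

```python
import re

# Assumed, illustrative indicator lists; tune them for your own organization.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "ow.ly"}
CHECKS = [
    ("authority", re.compile(r"\b(ceo|boss|director|president)\b", re.I)),
    ("urgency", re.compile(r"\b(urgent(ly)?|asap|immediately|right away|today)\b", re.I)),
    ("gift_card_request", re.compile(r"\b(gift ?cards?|front and back)\b", re.I)),
    ("secrecy", re.compile(r"\b(discreet(ly)?|confidential)\b", re.I)),
]
URL_HOST = re.compile(r"https?://(?:www\.)?([^/\s]+)", re.I)


def red_flags(sender: str, body: str) -> list:
    """Return the names of the tell-tale signs found in one message."""
    flags = [name for name, pattern in CHECKS if pattern.search(body)]
    hosts = {host.lower() for host in URL_HOST.findall(body)}
    if hosts & SHORTENERS:
        flags.append("shortened_url")
    # Assumption: a normal phone number has 10 to 15 digits. Email senders
    # are skipped here because a lookalike address needs a known-good list.
    digits = re.sub(r"\D", "", sender)
    if "@" not in sender and not 10 <= len(digits) <= 15:
        flags.append("unusual_sender")
    return flags


def triage(messages: list) -> list:
    """Return (sender, flags) for messages with two or more signs, worst first."""
    scored = [(sender, red_flags(sender, body)) for sender, body in messages]
    hits = [item for item in scored if len(item[1]) >= 2]
    return sorted(hits, key=lambda item: len(item[1]), reverse=True)


# Constructed sample messages, not real reports.
SAMPLES = [
    ("+12025550123", "Lunch at 12:30 works for me, see you then."),
    ("+44770090012345678", "Hi, it's the CEO. I'm stuck in a board meeting and "
     "need you to buy gift cards urgently. Please be discreet and text me "
     "photos of the front and back today."),
    ("+12025550187", "Your parcel is on hold: https://bit.ly/x1"),
]

if __name__ == "__main__":
    for sender, flags in triage(SAMPLES):
        print(sender, flags)
```

A keyword check like this only prioritizes reports for a human to review; a message that trips no rule can still be a scam.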
Who Is Most Likely To Fall For A Text Scam?
According to the 2022 Phishing by Industry Benchmark report, the industries most likely to be affected by phishing scams are banking, insurance, and consulting. Such industries tend to have a large number of employees and many points of contact. This allows scammers to slip through the cracks and take advantage of quick communication and pressure tactics.
Unfortunately, almost anyone without awareness training can fall for phishing scams. For businesses, this can prove disastrous, with leaked information used to steal data, hold IT systems to ransom, and more.
How To Avoid Phishing Scams
The good news is that proper training can reduce the number of phishing incidents dramatically. Just 90 days of occasional awareness training is enough to ward off even the most convincing of phishing attacks.
Employees should be trained to recognize the telltale signs of a phishing scam as detailed above, ideally using professional video and interactive course materials. Dynamic learning such as this is more interesting than dry presentations, with concrete examples helping drum home the lessons.
Companies should also run regular simulated phishing scams to test that employees are adequately trained. Set up a protocol so that phishing attempts are reported and shared across the workplace, to encourage widespread understanding and awareness.
At a personal level, individuals should always take time to stop and double-check unusual or out-of-the-blue requests. Before reacting to message requests, it’s best to try and take emotion out of the equation so we can think clearly. If you’re still unsure, get a second opinion.
Text scams are now extremely common. While awareness is increasing, scammers are getting increasingly savvy, capable of manipulating some of us into acting before we’ve taken time to think. The best way to stay safe is to resist acting rashly and take time to stop and think about the request, checking out the sender’s information to see if anything looks unusual. Businesses can help employees stay vigilant by providing adequate training and simulating text phishing attempts on a regular basis. Contact our President, Frank Stephens, at [email protected], or our Service Delivery Manager, Simon Jakubzcak, at [email protected] to see how we can protect your business from text scams and phishing attacks.