International Fraud Awareness Week: How Security Awareness can Prevent Fraud before it Happens

Date: 18/11/2021

Written by: Airnow

Fraud and Cyber Crime

International Fraud Awareness Week is a great opportunity to get people talking about the subject of fraud. Fraud, also known as Social Engineering, is becoming an increasingly popular method for cyber criminals: the Protecting consumers from online scams publication (2021) found that in 63% of fraud incidents there had been no contact between the victim and the offender. The same report stated that the most common methods of contact were online or by email (14%) or by telephone (11%), signifying the cyber criminals' adoption of these communication methods.

As cyber criminals hide behind the social barriers of the digital world, they are able to mimic well-known brands and target potential victims at a large scale, which increases the need for Security Awareness. Regardless of the size of your organization, these criminals seem to be targeting the masses, and if sensitive data is exposed, recovery following the breach can be tricky. Security Awareness is also vital in knowing what steps to follow for a successful recovery.

Common Types of Online Scams

At a glance, here are some of the most common types of attack methods that we are seeing today:

  • Phishing is a type of cyber threat that uses emails or social media messages, accompanied by social engineering techniques, to try to trick the target into sharing sensitive information or transferring funds.

  • Spear phishing is similar to phishing, with the difference that it is targeted at a specific individual/department within an organization and mimics a source trusted by the organization.

  • Baiting is similar to phishing, but the goal of this attack is to get the target to download an attachment that contains malware.

  • Ransomware can be a follow-on from Baiting. Once the target has downloaded the malware to their device, the attacker may use it to lock the user out of their network until a “ransom” is paid.

  • Copycat websites correlate with the increase in phishing attacks: the email or messaging app directs the target to a copycat site. The recipient is redirected to the fake site, where they are urged to enter their personal information.

What to do following the breach

Notify the correct people

Depending on the type of breach that you or your company have encountered, the procedures to follow will vary. For instance, if you are a UK organization and have experienced a data breach, you will be expected to notify the ICO, who can advise you on the next steps. In addition to following the correct legal procedures, you should also notify managers and your employees. It is also recommended to notify your customers to keep communication open and honest, so that they learn of the breach directly from you.

Evaluate the severity of the breach

As well as using the advice from the trusted authorities that you have notified, it is wise to assess the breach in as much detail as possible, both to resolve it and to prevent it from happening again. By determining how the attack was initiated, you may be able to pinpoint exactly how the breach occurred, who may be affected and what exactly the attacker has access to or attempted to target. It would also be worth investing in a third-party expert to ensure that you have the best possible protection for your next steps following the breach.

Educate your employees with the correct Security Awareness Training

The best thing to do is to prevent fraud before it happens, which can only be done with the right awareness around security. With employees at the forefront of external communications, it is vital to be certain that they understand the cyber threats that are out there, including how to identify them.

Phish your users

Our Cybersecurity experts can put you on the path to having full confidence in the Security Awareness of your employees, with a solution that enables you to train, test and measure the results of the training all on one platform.