Imagine that one morning, this "phishing" email quietly shows up in the inbox of several employees that work for your company.
At first glance it looks like it's from LinkedIn, and who doesn't trust LinkedIn, right?
Well, let's look at it again...
Hmmm, the sender's address looks weird, and, gosh, I don't have Insurance Technology as a skillset listed on my LinkedIn... and, oh yeah, I don't use my work email address for LinkedIn.
Something is up!
Yes, it is. This is a phishing attempt - and it can lead to very bad news for the organization and its network.
"Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication." Wikipedia
What's the best way to handle a phishing attempt? Delete it! It's simple.
That said, who is the most "phish-able" person in any organization?
Answer: The CEO.
Criminals know that a request from the CEO gets immediate attention...a focus so powerful it causes people to ignore the most obvious signs of foul play.
If you are a CEO or other company officer, consider sending out your own version of this email...
Subject: (Company Name) Alert re Cyber Phishing
As hard as we work to educate both our customers and our team about the risks of cyber phishing...it seems that every now and then a client or a team member gets caught and exposes their own PII (Personally Identifiable Information) unnecessarily.
As CEO, I am probably the most "phish-able" (Company Name) person we have. We get several requests a day saying "This is (CEO first name)." When people see my name, they think they must respond immediately! It's interesting that while COVID-19 is teaching us all to slow down and consider our actions, we would also benefit from the same advice when it comes to phishing.
Let's stop, slow down - and ask, what's REALLY happening here?
Please know that I will never ask for any personal information by email, not even your phone number. And I certainly will never ask you for money or a cash card.
My email will always be (insert CEO's email address).
If you question an email message you think is from me but seems weird or asks for PII, stop and carefully check the email address of the sender. Do not reply to it or click on any attachments (because that's what the hacker is trying to get you to do!). Instead pick up the phone and call me or call (enter name) or your manager to get clarification.
Thank you for all you are doing to keep us safe! (CEO first name)
Subscribe to Essential Mention here.
About Us - At VANTREO Insurance Brokerage, we pride ourselves on our commitment to our clients and our community. We use technology, backed by live expertise, to provide both personal and business insurance services to people operating in a wide range of industries. As a certified, B Corporation, we also believe in the business of insurance as a force for good. We take our social and environmental awareness and obligations seriously. The work we do to eliminate workplace injuries, prevent insurance claims, empower middle-level managers to lead, and energize organizational culture is aligned with the goals of our client community. For more information or to get in touch with a VANTREO representative, call us today at 1-800-967-6543 or email us at firstname.lastname@example.org.