Article

Phishing for Dollars: Email Scams Costing Companies Billions

Topic: Business NetworkingBy Michael PetersPublished Recently added
No ratings yet1,109 viewsSign in to rate
Why Your Employees Keep Clicking on Phishing Emails, and How You Can Stop It The 2017 Verizon Data Breach Report is out, and it’s full of great news – if you’re a hacker. The study, which examined over 1,900 breaches and more than 42,000 attempts in 84 countries, showed that cyberespionage and ransomware are on the rise. The manufacturing industry is particularly vulnerable to having intellectual property and company secrets stolen by cyber spies. How do these spies and garden-variety hackers get into enterprise systems? Quite often, the Verizon report found, it all starts with a social engineering attack, most commonly a phishing email. “Business Email Compromise” Scams Costing Firms Billions of Dollars Verizon found that social engineering methods were used in 43% of reported breaches, and of those, 93% were in the form of a phishing email. Once hackers have successfully phished their way into an organization’s network, the next step is usually (95% of the time) to install malware. Not long after the Verizon DBIR hit the virtual stands, the FBI came out with its own damning statistics regarding a phishing variant known as a “business email compromise” (BEC). In a BEC scam, hackers get hold of the login credentials for an email account belonging to a high-ranking company executive – once again, this is usually accomplished through phishing – and use it to send what appear to be legitimate emails requesting that employees or vendors make wire transfer payments. BEC scams, the FBI reported, saw an astounding 2,370% spike in “exposed losses” over a two-year period ending December 2016, totaling $5 billion. Keep in mind that this $5 billion figure doesn’t count losses from other types of phishing emails, such as email spoofing or the compromise of personal email accounts. The braze Google Docs phishing scam that ensnared approximately one million victims last week cost the state of Minnesota alone an estimated $90,000, as state employees scrambled to deal with the attack instead of doing their jobs. The Hacks Will Continue Until Proactive Cyber Security is Prioritized Why do employees keep clicking on phishing emails? In most cases, it’s because they don’t know any better. Despite living in an increasingly connected world, the majority of Americans have little or no understanding of cyber security best practices, especially how to identify phishing emails. They aren’t learning about cyber security best practices on their own time, and their employers aren’t teaching them, either. Companies are handing their employees login credentials, maybe installing a firewall and anti-virus package, and hoping for the best. While technical controls such as anti-spam filters, network segmentation, and avoiding private email servers unless your organization has the in-house staff and expertise to manage them are important, the best way to protect an organization against phishing is to address the human factor and teach employees about cyber safety. Some points to remember: • All employees must be trained on cyber security best practices, not just certain groups. Too often, enterprises will comprehensively train their IT staff and other upper-level staff members, only to have a receptionist or an intern get phished. White-collar workplaces need to take cyber safety as seriously as blue-collar environments take physical safety; anyone in the organization who touches a computer for any reason needs to know how to operate it safely, including part-time workers, temps, and interns. • Cyber awareness training requires continuous education. The threat environment changes daily, and employees must be kept up-to-date on the latest dangers and how to avoid them. • Penetration testing is an important part of training. By sending fake phishing emails to employees and seeing who clicks on them, enterprises will know where their weak spots are, and employees who fall victim to the fakes will learn from the experience. • Companies must have a specific procedure for reporting suspicious emails. If an employee receives an email that looks suspicious, they should know exactly who they are to alert and how. Employees must feel comfortable reporting any activity that doesn’t look quite right so that security personnel can investigate further. There is no such thing as an organization that is “too small” or “unimportant” to be hacked. Some small organizations think they cannot afford proactive cyber security, but can they afford to lose tens, even hundreds of thousands of dollars to a breach? Securing your enterprise systems is just as important as locking your building’s doors at night; you cannot afford not to protect your network. Until everyone realizes this, the hacks will continue, and the losses will keep mounting.

Article author

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.

Further reading

Further Reading

4 total

Article

Introduction There was a time when the call center was seen as a place where phones rang endlessly and agents simply answered questions. That picture has changed dramatically. Today the modern call center sits at the center of customer experience, quietly coordinating returns, managing fulfillment concerns, and shaping how customers feel about every interaction with a brand. Instead of reacting to problems, teams now guide customers through complex journeys. Their role has gr

February 6, 2026

Article

In today’s financial landscape, credit scores play a major role in determining access to loans, housing, and even employment opportunities. For individuals facing late payments, collections, or inaccurate credit reports, rebuilding credit can feel overwhelming. This is why many people turn to professional services for guidance. Among the growing number of Credit Repair Companies in Houston and providers offering Credit Repair San Antonio solutions, White Jacobs continues to

February 6, 2026

Article

Choosing the right POS terminal is more important now than ever. With customer expectations rising and payment methods changing quickly, businesses need a device that works fast, stays secure, and handles different payment types. The PAX A30 is a popular Android POS terminal that has gained attention for its modern design and strong features. In this review, we look at how well it performs in real life, what makes it stand out, and whether it can truly be called the best Andr

January 17, 2026

Article

Installing a rack mount server cabinet is an important task for anyone setting up a server room or a data center. These cabinets are designed to hold servers, networking devices, and other hardware safely and in an organized way. A well-planned installation helps improve airflow, manage cables neatly, and secure equipment, which makes the server room safer and more efficient. Whether you’re setting up a small office server or a larger business data center, knowing how to in

January 16, 2026