“You’ve received a new file – please click here to download.” “Your account has been suspended.” “There is an internal server error on your mailbox. Click here to recover your messages.” “We were unable to deliver your package. Please use this link for more information on retrieving your package.”

Messages like these have a couple of things in common. First, they immediately raise our curiosity. Maybe we have a package coming that we’ve forgotten about. Maybe a coworker sent a neat file that we’ll want to see. Or maybe there is something wrong, and we need to verify our financial information. What do we typically do when we’re curious? We take the next step… but the next step, also known as “the next click,” could prove to be fatal. Why? Because the second thing these messages have in common is that they are all common online phishing scams. Sure, they seem harmless enough, because they look like someone is trying to help us. Truthfully, most of us don’t like to admit that malicious and ruthless people actually work day and night to gain access to our company’s infrastructure, accounts, and other sensitive information. But this is a vivid reality, and one that we can’t afford to ignore.

Phishing costs average-sized companies between $2 million and $7 million yearly. Overall, the number comes closer to half a billion dollars every year, lost to clicking on those links because we were “curious” and didn’t investigate. This is an astounding amount of money that does not need to be lost. But we have some good news: up to $500 million could be saved by putting some simple safeguards into practice. CISA has published a great tip sheet that can help you navigate phishing scams and be sure you don’t get caught off-guard. Check it out here.

Don’t let scammers rob you of your time, energy, and resources. Be sure to establish active and effective protocols that will combat phishing and keep your valuable information secure. It is always worth the investment! Contact us for a security review or to establish new procedures that will shore up your organization against phishing scammers.