Along with using advanced tech skills to infiltrate your company, many criminals also use basic psychology and familiarity with emotions in their phishing scams.
Social engineering scams, like phishing emails, use manipulation and prey on people’s feelings. And criminals will continue to use this social engineering approach simply because – time and time again – it works, say the security experts at SecureWorld.
As a result, it’s essential for your finance team to know what emotions criminals often exploit, so they can more easily detect scam attempts and avoid losses from fraud. Check out five of the top emotions criminals use against Finance in phishing scams, according to SecureWorld:
No one wants to miss out on a good thing! And as CFO, you encourage your company to save money or snag cost-effective deals whenever possible. But criminals know that. So, they may use language like “last chance” or “offer expiring” to draw people in and spur quick action.
Warn employees with purchasing power about this one, as you don’t want them to make rash decisions that ultimately lead to a scam rather than a sale. And keep in mind that some people outside of Finance may not be as knowledgeable about the red flags of phishing scams, so providing a quick training session or concise memo couldn’t hurt either.
Criminals may try to pique your staffers’ interest to get them to, say, click a link. They often use intriguing questions like: Did you know your online account’s at risk? Have you seen this new statement in your portal? Are you aware of these new policy changes?
Remind your staff: Don’t let curiosity kill the cat. They must always pause and really assess before jumping the gun and clicking away, even on seemingly innocent links or attachments. Advise staffers to hover over a link to see where it’s really taking them (i.e., a legitimate domain or a suspicious site).
A classic phishing scam: Picture an “executive” asking an A/P staffer to wire a payment “ASAP” or take care of “an urgent request.”
Make sure your staff knows that a request that requires them to act fast is likely trying to get them to act without thinking too much into it. They’re right to be suspicious of such wording and should investigate it.
It’s sad but true – criminals will exploit your hardworking staffers’ willingness to help others. They may pose as employees who are “confused,” vendors who “need your assistance” or even charities asking your company for “help during these trying times.”
Be sure your staffers check that the person is who they say they are before getting too involved or offering help.
Fact is, no one wants to get in trouble or create crises at work. For that reason, criminals may try to instill fear in your staff with messages about “your corporate card being at risk” or “your account being closed.”
Again, your tell your staff not to act on impulse. They should take a moment, digest it, then verify it. And if they know you and other managers are there to help amid true uncertainty or stress, their intelligence will overpower their fear.