Using an “email scam,” hackers were able to steal $2.3 million from the Manor Independent School District in Texas. The theft was discovered in December by a district employee, who found that three transactions the school had recently completed were fraudulent.
This all happened when a lure email was sent out and one of the employees, who didn’t recognize it as a phishing scam, responded to the email. This caused the school district a $2.3 million loss. Now the U.S. government and local authorities are trying to sort it out. But as many of you know, recovering the lost revenue from a theft like this is nearly impossible in today’s world.
How does this happen?
I’ve heard it said by many IT professionals that if they didn’t have to deal with users (employees), their job of protecting government and corporate organizations would be a piece of cake. Unfortunately, it is their job to deal with users and keep the company safe from such attacks regardless of human errors. It’s a tall order.
The idea that the hackers behind these attacks are teenagers working in a dark back room of their mom’s house may be one of the biggest mistakes in combating this issue. In truth, you’re fighting against very smart, motivated, well-developed criminal organizations. Many are the best of the best in IT. They are capable of doing incredible things, coding constantly and staying one step ahead of justice. They act, IT responds with a patch, then they find another way in, and IT responds again with another weapon to keep them back. While this cat-and-mouse game continues, many organizations end up giving them the keys to the kingdom because just one individual employee responds to a simple phishing attack.
Another big misconception is that hackers only go after large government and corporate organizations. Wrong! In the last few years, bad actors have moved away from attacking the larger organizations to focusing on small to medium-sized organizations. Why? Simple: it’s easier to steal small amounts from several not-so-well-protected businesses than it is to steal a large sum from one very well-protected corporation.
So what can be done?
There are weapons to combat this constant barrage of attacks on our organizations. Here are two simple things that can drastically reduce, and may even eliminate, the success of phishing attacks.
- Education: Teach your employees everything you can about phishing. Show them what it looks like, how it compromises your organization and how to not unlock the front door to the company’s data.
- Monitor for Compromised Credentials: Dive deep into the Dark Web and see what compromised credentials are out there. Then set a schedule for yourself and do it again and again on a regular basis.
Some good news!
There are some very budget-friendly services that can greatly assist you in accomplishing the two items I mentioned above. At ThinkGard, we have a service that automates this process for you. For educating your employees on phishing scams, we have an easy, budget-friendly solution for not only training your employees but also testing that training with real-world simulations. And when it comes to those users whose credentials end up on the Dark Web, we have Credential Monitoring, a service that looks out for you on the Dark Web 24 hours a day, 7 days a week.
Make it hard for bad actors to get into your data and, by all means, make sure you’re not giving them the keys to unlock it.