New report reveals scammers are bypassing technical security by going after employees
Gaps in employee training are leaving organisations vulnerable to "old school" scamming techniques, as a new report found that half of organisations have fallen victim to a scam in the last year.
A new survey from the Bank of New Zealand (BNZ) revealed that 50% of small- and medium-sized businesses fell for a scam after clicking a link, opening an attachment, or replying to a scam message.
Only two per cent of businesses were targeted by ransomware, while traditional deception and social engineering scams were more prevalent.
According to the report, businesses were targeted by:
- Cold calls requesting company information (27%)
- Bank impersonation attempts (17%)
- Invoice scams involving altered bank details (10%)
Margaret Miller, BNZ head of fraud operations, said the findings show that scammers are getting around technical defences by targeting the employees who are clearing invoices or answering the phone.
"Scammers know that breaking through technical security is difficult, so in many cases they're bypassing the technology entirely and targeting the person sitting at the keyboard," Miller said.
"Scammers prey on the fact that when we're rushed, distracted, or juggling multiple things we're more likely to act first and think."
Lack of employee training
The findings come amid gaps in employee training on scams.
BNZ's survey revealed that 45% don't consider cyber education a key priority for their organisation, despite 64% of SMEs saying scam activity increased in the last 12 months.
The result can be catastrophic, with the average loss for scammed businesses hitting over $5,000, according to Miller.
"Scammers aren't just after your business accounts. The data shows they are often successful in targeting personal finances or the business's data, even if they don't manage to steal money directly from the company accounts," she added.
Miller underscored that BNZ has tools, such as two-step authentication for logins and the ability to require two separate approvals for any payment, to boost businesses' defence against scams.
The New Zealand Government also has a website outlining how individuals and businesses can protect themselves against scams and fraud, such as invoice scams, scam calls, and phishing.
