Employers Are The Missing Link

Hari Ravichandran is the CEO and Founder of Aura™, a leading provider of comprehensive digital security solutions for consumers.

In today’s digital age, getting scammed online is more common than ever. It is so common, in fact, that an entire economy has flourished around it, built with fraudulent transactions, hacked accounts and stolen passwords. Even more concerning, it’s evolved as far as mimicking popular business models like SaaS (software as a service).

A current trend we’re seeing is PhaaS—phishing as a service. Through this model, hackers license prebuilt phishing kits as subscription services that act as out-of-the-box solutions for amateur hackers, effectively lowering the barrier to entry into this lucrative underground industry. Recent research found that the discourse around and purchasing of PhaaS kits surges in the months leading up to the holiday season. This could be one of the reasons why we see an uptick in phishing scams during the holidays, especially when underground forums are ripe with tactical discussions and dark web markets offer Black Friday deals.

While the U.S. government makes progress on shutting down cyberattack-for-hire services—like the recent crackdown on DDos websites (registration required)—these types of innovations invariably adapt and evolve beyond our ability to keep up, impacting us in a variety of ways. According to the Identity Theft Resource Center (ITRC), social media account takeovers increased by 1,044%, and non-financial account takeovers increased by 235% in the last two years (pg. 11). The FBI estimates that losses in the U.S. alone exceed $6.9 billion, with over 2,300 reports pouring in daily (pg. 18). Compared to the top 20 countries with the highest numbers of victims of digital crime, the United States exceeded their combined numbers by nearly 40% in 2021 (pg. 20). It’s clear that we’re in a hotbed of digital crime.

We’re seeing that the scam economy is extremely opportunistic in that it capitalizes on current events. Beyond the holiday season frenzy, some other timely examples include a rise in FEMA loan scams as we see more and more natural disasters occurring, an increase in student loan scams in light of President Biden’s loan forgiveness announcements and a spike in cryptocurrency scams as a result of volatile industry news. Make no mistake; scammers are always looking to exploit headlines by spinning up new ways to take advantage of consumers and the challenges we experience in our everyday lives. When we’re at our weakest and most hopeless, scammers see boundless opportunity.

However, the implications for individuals in these kinds of scams stretch far beyond financial impact. Being exposed to scams on a monthly, sometimes even weekly, basis can take a significant toll on our mental health, causing increased feelings of anxiety, worry and uncertainty about our financial future.

This should come as no surprise. After all, who likes being scammed? However, it really starts to snowball when these negative emotions trickle into relationships and family life, especially if a victim is a parent. ITRC (download required) has also reported that the effect on mental health can lead to extremes, with around 10% of people experiencing thoughts of self-harm (pg. 19) and 16% citing addictive behaviors (pg. 21). It’s pushing us to a dangerous brink.

However, the havoc that the scam economy can wreak isn’t limited to individuals—it unquestionably impacts businesses as well. The majority of business compromises occur due to employee negligence or error, putting businesses at enormous risk of falling victim to a data breach or ransomware attack. Fifty-eight percent of those affected by scams say it has caused problems with their employers (pg. 27 of the ITRC report). And with the exponential rise in attacks, it is all the more likely that an employee will encounter and fall victim to one such scam, putting the whole organization at risk.

A new trend in business email compromise (BEC) attacks is thread hijacking (pg. 8), in which a hacker intercepts an email thread and then poses as a supervisor making seemingly legitimate but detrimental demands to gain access to company networks. The financial risk to organizations as well as the anxiety that employees experience as a result of being targeted by bad actors are both damaging to a business’s bottom line.

We can’t stop the growth of scammers, and we can’t take away the risk posed to businesses and individuals—so what can we do?

The most important step for businesses and leaders to take is to inform, educate and provide ample resources for employees to feel protected online. Another survey found that 45% of consumers have never been educated on current scams by those posing to be from institutions like banks, credit card companies and credit bureaus, which heavily affect our daily lives and even our employers. While we all know the problem exists, the vast majority don’t know where to start. It’s paralysis by analysis, and we need a helping hand.

This is where employers can step in. It’s vital to have consistent employee training to not only boost employee knowledge but to stay up-to-date on how digital crimes are evolving. The more exposure they have to information, tools and exercises, the better equipped they’ll be to keep themselves and, in turn, your business safe.

Beyond building a cyber smart workforce, it’s imperative to cement this awareness and mindset in the everyday activities of employees. One of the best ways to guarantee employees’ protection is to offer these protections as an employee benefit. This helps jumpstart employee acumen and demonstrates that their employer prioritizes their online safety. It creates a culture of digital safety wherein these practices become second nature both personally and professionally.

The scam economy isn’t going away anytime soon. If anything, it’s going to grow, mutate and show up in more aspects of our personal and professional lives as the barriers to entry vanish for even the most novice hackers. To keep individuals and businesses safe from this burgeoning economy, it’s up to leaders to step up to the plate to nurture awareness, actively support education efforts and offer resources for people to feel confident in taking charge of their online safety individually and collectively.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?