Phishing Scam Emails Put Employers and Employees at Risk

published 31 October 2023

To help you understand what is going on in the cyber security sector regarding phishing and other scams and what we expect to happen in the future, our highly experienced Kiplinger Letter team will keep you abreast of the latest developments and forecasts (Get a free issue of The Kiplinger Letter or subscribe). You'll get all the latest news first by subscribing, but we will publish many (but not all) of the forecasts a few days afterward online. Here’s the latest…

Despite companies utilizing powerful email security tools, phishing scams are still a growing risk. In fact, according to the Fortinet 2023 Global Ransomware Report, phishing is the top tactic (56%) that malicious actors use to access a network and launch ransomware effectively.

Hacked email accounts can be used to impersonate the owner and send a phishing message to all contacts. Phishing emails may also come with legitimate hyperlinks that redirect victims to a confusing series of pages, finally leading them to a page to steal their information.

Subscribe to Kiplinger’s Personal Finance

Be a smarter, better informed investor.

Save up to 74%

https://cdn.mos.cms.futurecdn.net/hwgJ7osrMtUWhk5koeVme7-200-80.png

Sign up for Kiplinger’s Free E-Newsletters

Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of expert advice - straight to your e-mail.

Another trend is tailored phishing emails that are chock-full of personalized details. Some advice businesses may want to consider might be pushing employees to report potential phishing threats to IT, which can help improve security tools. Video-based training is a good start, but individual training should focus on the specific threats of different job types.

In addition, one ransomware vulnerability businesses need to take seriously is employees’ personal devices and other unmonitored work devices. The vast majority of successful ransomware attacks start with unmanaged devices. Personal smartphones that are used for work can be one way an employee falls prey to a phishing attack — where a cybercriminal takes control of key data or systems and demands money to return things to normal. It’s a reminder that companies, even small ones, need to make sure that IT is managing devices and that workers are using basic defenses, such as strong passwords and two-factor authentication.

This forecast first appeared in The Kiplinger Letter, which has been running since 1923 and is a collection of concise weekly forecasts on business and economic trends, as well as what to expect from Washington, to help you understand what’s coming up to make the most of your investments and your money. Subscribe to The Kiplinger Letter.

John Miley is a Senior Associate Editor at The Kiplinger Letter. He mainly covers technology, telecom and education, but will jump on other important business topics as needed. In his role, he provides timely forecasts about emerging technologies, business trends and government regulations. He also edits stories for the weekly publication and has written and edited e-mail newsletters.

He joined Kiplinger in August 2010 as a reporter for Kiplinger's Personal Finance magazine, where he wrote stories, fact-checked articles and researched investing data. After two years at the magazine, he moved to the Letter, where he has been for the last decade. He holds a BA from Bates College and a master’s degree in magazine journalism from Northwestern University, where he specialized in business reporting. An avid runner and a former decathlete, he has written about fitness and competed in triathlons.