Commentary June 18, 2021
Educate On Cons, Cyber Threats Now – Or Risk the Worst
The danger to your promo products business is real, increasing and potentially devastating. Don’t fall prey.
It’s never been easier for crooks to rip off you and your promo company.
One wrong click and you can launch malware that cripples your network, rendering it inoperable, until you pay the hackers a ransom to have the system restored.
One fake buyer can convince an unwitting sales rep that an order is legit and get them to ship product the scammer never pays for. The next thing you know, your company is on the hook for a five-figure bill.
It’s the downside of the digital age – the fact that hackers and con artists have a high-speed, direct conduit to us through the tech tools that are foundational to how we now do business.
The sad part is these hackings and swindle attempts are increasing, and they’re likely to continue to do so, including at promotional products firms.
Consider this: In 2020, the FBI received almost 2,500 reports of ransomware attacks – up 66% from the prior year. The actual number of cases is likely far higher.
Meanwhile, ransomware victims paid cyber crooks four times more in cryptocurrency ransom payments in 2020 than they did in 2019 – some $350 million, according to Chainalysis, a firm that specializes in blockchain analysis. The estimated total cost to the U.S. economy of ransomware hackings reportedly tallies in the billions each year.
Another major bummer: Cybersecurity firm Sophos estimates that the average total cost of recovery from a ransomware attack has more than doubled in the last year, increasing from just over $760,000 in 2020 to $1.85 million in 2021.
Next consider the cons. Earlier this month, I reported how a distributor was left liable for paying for 10,000 flash drives after a schemer posed as a buyer for a major university and got the promo firm to fulfill the order, then never paid. Following the publishing of that report, I received an avalanche of feedback from distributors saying they’ve been hit with such scam attempts weekly – if not daily. No, these efforts to swindle aren’t new, but the word from the industry is that they’re rampant, increasing and, at least in cases, growing more sophisticated.
Scammers are coming hard after the #promoproducts industry. Are you prepared? 2-minute vid has tips for spotting the schemes. @asicentral @ASI_MBell @Melissa_ASI pic.twitter.com/JiyJnJXi4V
— Chris Ruvo (@ChrisR_ASI) June 7, 2021
What’s a promo company to do? Be prepared as possible to the thwart the threats. Of course, part of that is ensuring your tech systems are as up-to-date and bulwarked as possible against cyber threats. But even if they are, that doesn’t remove the human element, which can bring things crashing down. How to handle the human variable? Invest in routine, ongoing cyber/scammer security education for company leaders and employees.
While some may dismiss the cons and ransomware attempts, saying they’re easy to spot with common sense, that kind of cockiness is dangerous. You’re only as strong as your weakest link, and what may be obvious to one employee or sales rep may not be so to others. Therefore, it's incumbent on leadership to do everything within reason to ensure each employee is as informed as possible so they don’t fall prey.
As far as cyber security goes, there’s an abundance of programs available that offer both web-based and/or in-person training. These programs can range in scope from awareness-raising to more comprehensive offerings that cover cyber security for every type of employee, from IT executives to general workers.
Here are 7 tips (in under 60 seconds) on how to enhance your cybersecurity. #cybersecurity #ransomware #ASIMedia #promoproductshttps://t.co/UEYNVbPmBv pic.twitter.com/gvAlE0MW7s
— Theresa Hegel (@TheresaHegel) June 4, 2021
At the least, a cyber security education course should teach about spotting phishing scams, which are often the means through which ransomware attacks are launched. In a phishing scheme, hackers trick unsuspecting victims – like a business’ employees – into downloading or clicking a link or file that’s infected with malware. The malware then spreads rapidly through an entire system, encrypting it. The criminals then demand that victims pay them a ransom in exchange for a decryption key, which is used to free computers.
Depressing stat: Sophos found in its State of Ransomware report that only 8% of companies managed to get back all their data after paying a ransom, with 29% getting back no more than half.
Though it’s important to train workers in the technical details of a phishing attempt, it’s even more crucial to drill down to the psychology behind why such emails work. “People are rarely fooled by the detail and authenticity of phishing attacks, and much more so by the emotional hooks that they use to bypass rational consideration,” James Bore, director of Bores Security Consultancy, told ASI Media recently.
How concerned are you about #Cybersecurity for your business?#Poll
— ASICentral (@asicentral) June 7, 2021
Promo firms also should, on an ongoing consistent basis, educate employees about cons aimed specifically at our industry. Take the flash drive scheme that hoodwinked the distributor, who was new to the industry.
It involved a crook emailing the company and pretending to be a procurement manager from Ohio University, Michael Pidcock, who wanted to buy 5,000 branded flash drives. Pidcock is an actual individual who works in procurement at the university – something the distributor looked into by checking on LinkedIn and on the educational institution’s website. You can read the full account here, but what it boils down to is that the distributor believed the order was legit and shipped flash drives and then another batch of 5,000 before realizing the ruse.
A scammer swindled a distributor out 10,000 flash drives in a scheme that seems increasingly common in the #promoproducts industry. https://t.co/8xrttuSMoB @ASI_MBell @Melissa_ASI @asicentral @TheresaHegel
— Chris Ruvo (@ChrisR_ASI) June 1, 2021
After the story published, some in the industry disparaged the distributor in social media comments and emails to ASI Media for being woefully naive. Still, there were others – more experienced folks included – who contacted ASI Media directly to say they’d fallen victim to such scams too, as some crooks do a remarkably good job of creating the appearance of authenticity.
That said, there were tells in the recent scam. The request for flash drives – decorated or blank – is a common request from the would-be con artists. So, incidentally, are blank T-shirts. Furthermore, the email address was doctored to closely resemble a genuine Ohio University email address, ending in a “@ohio-edu.org”. Even so, the “.org” should have raised a red flag; the legit address was “@ohio.edu”. Another clue that this was crookery was broader: It’s generally not easy to become a vendor for a major university. Why would one be reaching out to you out of the blue with a big order? That bears investigating.
Educating salespeople, customer service reps and other employees about such tipoffs to scams should be part and parcel of what promo firms do. No doubt, these types of swindles will evolve, so companies must stay alert and educate their workforces to emerging threats.
In the interconnected digital marketplace we all operate in, there are – very excitingly – more opportunities than ever to quickly grow your company. Unfortunately, there are more threats, too. Be wise to them and make prevention from being victimized a top priority. It could just save your business.