Imagine you open your inbox and see an email from your boss with the subject line “Could you follow up with this for me?” Everything about the email looks exactly like you would expect: it came from your manager, your organization logo appeared in the signature, the email was addressed to you, and it contained an action item for you to engage with.
But after clicking the link, your computer starts to run a little bit more slowly. Behind the scenes, malware is consuming large chunks of personal data, about both you and your donors. So what happened? You’ve fallen victim to one of the oldest cyberattacks in the book: phishing.
Most of us are more familiar with phishing in the form of “Nigerian Prince” emails. But hackers have evolved in their ability to impersonate a legitimate sender. These schemes have taken on many forms in the modern age, but almost always share the following elements:
- The sender is impersonating another person or company
- The content of the correspondence motivates users to act
- The message isn’t highly personalized and is sent to large numbers of people
You may have noticed that the earlier example meets all of these criteria. The hacker was impersonating someone at your company (your manager) and encouraging you to act (click the link), and the email starts off with “Hello” instead of using your name. And, because employees are now spending 40 percent of their screen time on email, it is much easier to let your guard down and take things at face value when you are just trying to get things done at work.
According to Verizon, phishing attacks have a 3 percent click rate. If the email is sent to 100 people, 3 recipients are likely to open the malicious link or download the malicious attachment. If the email is sent to 1000 people, 30 of them might fall for the scam, and so on. Hackers know that more targets equal more opportunities for success. As a result, Microsoft estimates that you are 3x more likely to have a phishing email in your inbox today than you were last year.
So, what happens if you’re one of the 3% that falls for a phishing attack? For nonprofits, the consequences are virtually limitless, ranging from donor data theft to a wiped hard drive. Unfortunately for the average person, the phishing business is becoming more and more profitable for cybercriminals as the price tag for personal information continues to increase.
Innovation in email, meanwhile, hasn’t kept pace with the fast-paced digital transformation, which is one reason why reports of phishing attacks have continued to increase year-on-year.
Given the growing number of fake emails being sent, it’s clear that traditional methods (spam filters, antivirus software, and the like) aren’t able to keep pace with attacks that are becoming more and more complex by the day. Nonprofits need a comprehensive tool that can proactively alert fundraisers to potential data breaches and provide steps to remediate data risks.
By understanding human behaviors unique to the nonprofit fundraising space, Gravyty Guard uses advanced technologies to train models, deploy proactive alerts, and provide detailed, flexible reporting to protect employees from being the source, maliciously or accidentally, of the next donor data security breach.
Is your donor data protected? Take our FREE 15-minute assessment to receive your own Data Security Health Score and find out if your organization is secure.