One wonders how the criminals get into your firm’s system. Most are invited by staff. One of the more common ways is Phishing which can be distinguished by Spearing. Phishing is when a mass e-mail is sent out and they have no idea who they are sending the e-mail to. Spearing is when the criminal has gleaned information from some source such as a hacked contact list of someone you know, or a social media site such as Facebook where they have some person information about you to make you feel the e-mail is legit.
Although most of you know that these Phishing e-mails are a joke. Just enough people respond to make It worthwhile for these to continue to be sent out. Phishing e-mails try to look legit from their story or supposed source and appeal to the greed in people who think that are getting something form nothing or very little and to keep it secret. Once you respond, they hope to get your to either send money, download a virus or malware, or give up other personal information.
In separate posts are recent examples of Phishing e-mails. I apologize to the intellectual property attorneys as I was unable to locate the authors to get permission to republish but I did it anyway. As silly as these examples are, you should not assume that your staff is not aware that these are scams.