Think Before You Click…

Not 30 minutes ago, I received this email from "tdhyter". Attached to the email is a notice that my Geek Squad subscription will renew for $417 if I don't call them. It's probably obvious that this is a low-level phishing scam, but the ugly truth is that these still work.

A non-trivial portion of the population has not been trained to spot the multiple red flags in this email. In 2021, phishing accounted for 80% of all cyber breaches and, in the U.S., the average breach costs over $9 million! Spending on cybersecurity tools has never been higher, but all that effort can be undermined by untrained employees.

Companies must educate their workers on social engineering tactics. This doesn't have to break the bank; there are scores of free services and videos out there. I do think simulations are necessary, though. We really have no idea who sent that email. Sending regular fake phishing emails to your employees maintains a healthy amount of suspicion.

There are several vendors that offer security training and phishing simulation services for reasonable prices (especially when compared to the cost of a breach). Some notables include:

KnowBe4 (my personal favorite)
PhishMe, Inc.
Infosec

Reach out to them. If you're unsure, ask for a trial. If it seems too expensive, ask for a deal. But don't do nothing.

Contact us if you want help.