b'THE STATE OF RETAIL DIAMONDSJEWELRYCOLORED DESIGN STONESAs players navigate the fictional body of water dubbed Interweb Bay, they learn to recognize common phishing tactics.Were trying to teach people how to read those URLs and to recognize a fake one, he says.Theres a tendency to believe that older, less tech-savvy people are more susceptible to phishing scams, but the universitys research doesnt back up this assumption. A screenshot from the game Anti-Phishing Phil, which teaches players to spot signs of phishing scams, like a Hong recalls a Carnegie Mellon study of around 500fake URLpeople, including students and faculty.Almost everybody thinks older people are more likely to fallAs previously reported by National Jeweler, Sabatino, then an for phishing scams, but our data shows actually the opposite, that,inmate in federal prison in Miami, pretended to be a music executive surprisingly, younger people are much more likely to fall for theserepresenting stars like Beyonce and Justin Timberlake. scams, he says. Using fake email accounts, he convinced major jewelry compa-Determining the reasons for the discrepancy would require anies to send out pieces he claimed would be worn in music videos, follow-up study for an official answer, he says, though he posits itsometimes via armored cars. His co-conspirators on the outside could be because younger people click on everything, or becausethen picked up the jewelry and sold it at pawn shops. they just have less to lose than a more financially stable and, osten- The crew made off with a significant amount of jewelry, including sibly, more cautious, older person. a 7.29-carat oval-cut diamond and an 8.55-carat emerald-cut diamond. Nearly two decades since his research began, Hong maintains phishing is the biggest cybersecurity threat to bothIn light of ransomware attacks, be mindful ofbusinesses and individuals. Education ondata collection and storage.the topic must continue. Ransomware is a type of malware that Security training is a lot like literacy.encrypts files on a device, leaving users un-Were never going to solve literacy. Itsable to access them until a ransom is paid.something you just have to do with everyIn fall 2021, high-end jeweler Graff was generation, and you still need lots of prac- Cybercrime expertshit with a ransomware attack and ended up tice for people, too, he says. say it is more accuratepaying $7.5 million to retrieve its data. The In addition to creating the Anti-Phishingto say when versus ifgroup of cybercriminals responsible for the Phil game, Hong was a member of a teamwhen talking about aattack, named Conti, released personally that developed a simulator that sent phish- cyberattack. identifiable information about some of ing emails to a companys employees to seeGraffs customers before a deal was made.what could happen in real life.Grant Hansen,The most common cybercrime reported Less than a quarter of small businessJewelers Mutual to Jewelers Mutual is ransomware attacks, owners send regular phishing test emails tosays Hansen, with policyholders requesting employees, as per the Nationwide survey, butassistance to unlock their software. its something JSAs Ruddock recommends.Similarly, the company has had reports of In the event an employee does click on aa ransomware-like attack in which a jewel-link, thats really just an opportunity for enhanced training, ers social media accounts are hacked by criminals who request a he says. ransom payment. Not properly training oneself or employees about phishing scamsMany jewelers businesses are supported by their social media plat-could be a costly mistake. forms, particularly Instagram, notes Hansen.Ruddock recalls a criminal case involving a man named Jimmy Sa- In contrast, JSA hasnt received many reports of ransomware batino, who is serving a 20-year sentence for his role in stealing moreattacks, says Ruddock, but jewelers should still be aware of the possi-than $10 million in luxury goods from behind bars in 2014 and 2015. bility and protect their businesses.18 STATE OF THE MAJORS 2023'