How to Recognize And Prevent Phishing Attacks

Phishing is one of the most common threats that businesses face online. Phishing involves cyber criminals attempting to glean information from you, often through email, that could then be used for fraud or theft.

One famous recent example of a phishing attack victim is businesswoman Barbara Corcoran (who is also a judge on the popular show Shark Tank). Just last month, she lost nearly $400,000 because someone emailed Corcoran’s bookkeeper under the guise of Corcoran’s personal assistant. The bookkeeper received an invoice for $388,700 and, assuming it was legitimate (and failing to notice that the email address was misspelled by one letter), wired the money, which Corcoran stated she is sure she will never recover.

These types of phishing attacks are very common; when surveyed, 64% of organizations reported experiencing a phishing attack in the last year. And current statistics suggest that number will only continue to rise.

So to avoid losses like the example above and to ensure safe and secure operations, it is important for individuals, organizations, and employees to be able to recognize and prevent phishing attacks. Here are some tips for recognizing and preventing these attacks:

Recognizing An Email Phishing Attack

Though different attacks will be unique, there are key characteristics which you can use to identify suspicious emails and likely phishing attempts:

  • A phishing email will generally have a fake sender that looks real at first glance. The sender might claim to be a company you do business with or a friend you know personally. Read the email address carefully to make sure it’s real and not a slightly misspelled copy—for example, instead of 
  • There may be a suspicious attachment too—and a suspicious attachment is really any attachment that you were not expecting to receive.
  • There might also be a link included that asks you to log in or that doesn’t make sense in the context.
  • Phishing emails often contain spelling or grammatical errors or other strange wording.

Legitimate companies generally know how to spell and won’t send you unsolicited attachments, and they’ll never ask you to respond with personal information. If you see one of these signs, or several combined, then it is likely a phishing email that is attempting to poach your sensitive information.

Preventing Phishing Attacks

It is, of course, most effective to prevent phishing attacks altogether whenever possible. The following business practices will help you keep phishing attacks at bay:

1. Train Your Staff

First, you should provide your staff with training, as they are your first line of defense against phishing attacks. Your staff should know how to watch out for and recognize a phishing attack, as well as proper procedures for reporting phishing attempts in your company. They should be trained in business security practices, such as not downloading suspicious items, not clicking links that may be harmful, and not entering personal or login information in insecure places. (One rule to live by is to never log in to your bank account or other account from a link sent in an email; always go through the website itself.)

By training your employees, you enable them to become a security asset instead of a potential weakness.

2. Invest in Strong Email Filters

It’s also important to invest in strong email filters. Generally, you will find that automatic filters included with standard email accounts aren’t strong or smart enough to filter out well-crafted phishing attacks. Additional filters are an investment that may be worth it to prevent such attacks from even reaching your inbox.

3. Launch Training Phishing Simulations

Training phishing simulations can alert you to just how prepared your company is for a phishing attack. Realistic phishing simulations will show you how your employees will react and which attacks are likely to get through, so you’ll know which areas of your training and cybersecurity to focus on.

4. Outsource Your Cybersecurity

When you outsource the care of your cybersecurity to a Managed Service Provider, they will cover all areas of your company’s cyber safety, including running phishing simulations and ensuring your team is prepared to use best security practices to guard against phishing and other cyber threats. You won’t need to worry about your company suffering losses due to phishing attacks getting through because your IT service provider will take care of it for you.

At Mentis Group, our technicians have seen it all. By working with our experienced IT team, you can receive the very best care for your cybersecurity and IT. Contact us today to guard against phishing attacks in your company and receive the very best IT care.