Phishing attacks have increased by more than 150% over the past five years! In 2024, phishing was the second most common cause of data breaches and the most expensive, averaging $4.91 million in breach-related costs.

You are just finishing up your work on a late Friday afternoon when you receive an email from IT: “Download ASAP – Critical Security Update”. You feel good that you were still in the office to take care of this before leaving for the weekend.

When you arrive on Monday morning, you are informed that there has been a serious data breach. Malicious software (malware) was downloaded and installed on a company computer, allowing cyber criminals to steal confidential customer information.

How did this happen? You got phished!

Phishing is a cyber attack that exploits human behavior to gain access to personal information or get you to install malware on your computer. Phishing messages often look like they’re coming from a trusted source—like your bank or someone you work with—and they usually create a sense of urgency so that you act quickly, without thinking.

Luckily, phishing scams can only work if you fall for them. The power is in your hands; follow the five tips below to keep you and your business protected.

Slow Down – Be Vigilant

Does your accountant email you asking for the digits on your company Mastercard? Does your bank ever reach out to you because they forgot your login and password? Does a new acquaintance on LinkedIn typically ask for a business loan? The answer to all of these questions is no, they do not.

Phishing attacks work because we don’t stop to think about what we’re doing. The best way to prevent them? Slow down and keep a healthy level of skepticism. If you get an email, text, or social media message and something doesn’t seem quite right, don’t reply immediately.


Double Check Source

By resisting the urge to respond immediately, you’ve taken away the scammer’s biggest asset: the sense of urgency. The next step is to dig a little deeper and see if the message is real. How do you do that? Here are a few suggestions:

  • Check the sender’s email address or social media profile: Phishers often use email addresses that look similar to legitimate ones but have slight misspellings or extra characters. Similarly, social media usernames may look off, and their profiles may be incomplete, have few followers, and show little engagement (likes and comments).

  • Hover over links before clicking: Hover your mouse over links to see the actual URL before clicking. Ensure it matches the legitimate website’s address. For example, if the email is supposedly from your bank, go to your bank’s website directly to check the URL.

  • Look for red flags: Phishing scam artists will try to create a sense of urgency or fear. Also, messages may contain spelling mistakes, poor grammar, or awkward phrasing.
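The first two checks above (a sender domain that is a slight misspelling of a trusted one, and a link whose visible text differs from where it really goes) as an added Python example; this is not code from the original post, and the trusted-domain list and digit-for-letter map are constructed assumptions:

```python
import difflib
import re
from urllib.parse import urlparse

# Constructed allow-list for this example: the domains the company actually trusts.
TRUSTED_DOMAINS = {"examplebank.com", "acmewidgets.com"}

# Digit-for-letter swaps commonly used in look-alike names; undo them before comparing.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def classify_domain(domain: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for one lower-cased domain."""
    if not domain:
        return "unknown"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    normalized = domain.translate(HOMOGLYPHS)
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if normalized == trusted or brand in normalized:
            return "lookalike"  # digit swap, or the brand buried inside a longer domain
        if difflib.SequenceMatcher(None, normalized, trusted).ratio() >= 0.85:
            return "lookalike"  # a character or two added, dropped or changed
    return "unknown"


def check_sender(address: str) -> str:
    """Classify the domain in a From header such as 'IT <it@examp1ebank.com>'."""
    match = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", address.strip())
    return classify_domain(match.group(1).lower() if match else "")


def check_link(display_text: str, href: str) -> str:
    """The hover check: compare the site the link text shows with where it really goes."""
    actual = (urlparse(href).hostname or "").lower()
    shown = None
    if re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", display_text, re.I):
        shown = urlparse(display_text if "://" in display_text else "//" + display_text).hostname
    if shown and shown.lower() != actual:
        return "mismatch"  # the text names one site, the link opens another
    return classify_domain(actual)


if __name__ == "__main__":
    print(check_sender("IT Helpdesk <it@examp1ebank.com>"))          # lookalike
    print(check_link("https://examplebank.com/login",
                     "https://examplebank.com.login-verify.net/"))   # mismatch
```

A result of "lookalike" or "mismatch" is the cue to stop and verify the message through a channel you already trust, not proof of an attack on its own.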

Never Download Attachments from Unknown or Unexpected Sources

If you get an email or direct message and you’re not sure about the sender, don’t click on any attachments. Getting you to download files is a great way for criminals to spread malware, and it’s not worth taking the risk.

If an email from a known contact contains an unexpected attachment, verify its legitimacy before opening it by calling or emailing that contact directly.

Use Security Software and Keep it Up To Date

Phishing often involves spamming thousands of people with emails in the hopes that one or two will fall for the trick. Antivirus software can help detect and block malicious emails and attachments.

Report Suspicious Messages

Phishing works by manipulating our emotions, and one of those emotions is shame. Many people who are victims of phishing attacks never report the crime to authorities because they feel foolish for getting tricked. But this behavior plays right into cyber criminals’ hands. If you get scammed, or even if you get a suspicious message, report it straight away.

  • To IT: Report suspicious work emails to your IT or security team.

  • To your email provider: If you receive a phishing email at your personal email address, report it to your provider using their built-in reporting features.

  • To your social media platform: Similarly, if you receive a suspicious direct message, flag it.

  • To organizations: If the email supposedly came from your bank or another trusted company, contact that organization directly to let them know.

  • To authorities: If you fall victim to a phishing attack and are facing financial loss, identity theft, threats, or suspect organized criminal activity, report it to the police as soon as possible. It may be part of a larger attack!

Now you have the information to recognize phishing scams and stop them in their tracks. Please share these insights with your team to help everyone stay secure!