How to identify and mitigate phishing attacks

January 21, 2020

Business owners consider various cyberthreats when it comes to security planning. One of the older but most effective weapons in a cybercriminal’s arsenal is phishing.

Phishing can be the first stage in a sophisticated information-stealing attack and remains pervasive for one simple reason: it works. It has been around for years, but today’s cybercriminals are adept at using them in an ever-increasing variety of ways. According to recent FBI figures, phishing and its variants ranked the third most popular cybercrime in 2017, which translates to nearly $30 million in losses. In 2019, phishing attacks had markedly increased.

A quick look at phishing

In essence, phishing involves tricking users into clicking on a malicious link or attachment. Fraudsters can then hijack your bank account, lock your PC with ransomware, bombard your screen with ads, and more. So how do you fight back?

You can’t fight against something you don’t know or understand, so the first step is to be aware of what an actual phishing attempt looks like. Here are ways to spot a phishing email:

The email asks you to confirm personal email – To gain your trust, the bogus email will appear authentic. Whether this email matches the style used by your company or that of an external organization like a bank, hackers will go to great lengths to ensure that it looks like the real thing. However, the email makes requests that you wouldn’t normally expect. This is often a strong indication that it’s not from a trusted source.

The web and email address look suspicious – Hackers typically trick recipients by including the name of a legitimate company. At a glance, the details can look very real but if you carefully examine the email address, you may find that it’s a bogus variation. For example, could seem as legitimate as In addition, malicious links can also be hidden within the body of an email, often alongside authentic ones.

Poorly written – One of the most glaring ways you can spot phishing emails is by their poor language. They often contain spelling and grammatical mistakes, as well as strange turns of phrases. Emails from legitimate businesses will have been constructed by professional writers, and checked and proofread for typos, technical, and legality errors.

There’s a suspicious attachment and/or a false sense of urgency – An email that unexpectedly comes with a sketchy attachment is most likely a phishing attempt. These links and attachments could contain a malicious URL that leads to the installation of malware on your PC or network.

Alternatively, the email may claim that your account has been compromised and that the only way to safeguard your account is to log in and change your credentials. Often, the email will state that your account will be shut down if you don’t act immediately, creating a dire sense of urgency.

While an old trick, phishing will continue to trick users. To stay protected, follow these best practices:

  • Train your employees. While they’re your greatest assets, they’re also your company’s weakest links, as they are likely to fall for hacking scams and social engineering schemes. Provide a structured program that includes anti-phishing education, awareness campaigns, and engaging tools.
  • Learn to recognize all the telltale signs. This goes for everyone in your organization. Avoid clicking on dubious links or opening attachments from unsolicited emails.
  • Always check suspicious emails. Contact the company that supposedly sent you the email to verify its authenticity. And if you are provided with a link and are being urged to log in via that link’s landing page, do not click that link. Instead, manually type the URL of the website in your browser. This is a must especially when it comes to online banking.
  • Use multifactor authentication (MFA) and consider advanced password solutions. MFA can go a long way as it keeps information from being hacked. It uses a secondary verification method, such as a one-time password delivered via SMS message, a physical token, or a biometric ID in addition to a username and a password.
  • Use proper email security. Email spam filters keep phishing emails out of your inbox, but cybercriminals are always trying to outsmart spam filters. Use extra layers of protection by getting the right security solution from a trusted managed security services partner. Make sure they offer protection against malicious links and files, ransomware, banking Trojans, and other threats associated with phishing.

All businesses are exposed to phishing attacks on a daily basis. But if you know what to look out for and have the right tools in place, you can secure your data under lock and key and keep your reputation safe from harm.