With phishing emails drastically on the rise, there’s never been a better time to familiarize yourself with how to protect your business from phishing scams. Knowing how to defend your email inbox and keep your business’s sensitive information safe should be a security priority.
In this article, we’ll break down four types of common phishing scams and share tried-and-tested tips for protecting your company email inbox from phishing.
What Are Phishing Emails?
Cybercriminals use phishing emails to pose as legitimate people, companies and institutions online, luring recipients into handing over confidential information. Perpetrators typically seek banking, credit card and password details to commit fraud, identity theft and corporate espionage.
Phishing scams are common and have been around in various formats for a long time. Before email, the same social-engineering tactics were carried out over the phone and by letter. Email is now the primary delivery channel for these scams.
Increased internet usage since the COVID-19 pandemic has given criminals and hackers more opportunities to create phishing scams. The rise of fake COVID-19 websites (many promising testing and cures) has largely been responsible for a 350% rise in phishing emails since the beginning of 2020.
Common Email Phishing Scams
Tech Support Phishing Scams
Tech support phishing emails allege that you have malware on your computer. The hacker asks you to install remote access software so they can “fix” the problem, then uses that access to install actual malware or steal data instead.
Clone Phishing Scams
Clone phishing is when hackers create malicious, almost identical copies of legitimate emails from reputable sources to trick you into unknowingly sharing your private information.
Spear Phishing Scams
Spear phishing involves targeted attacks aimed at specific individuals or companies. Scammers will research a targeted individual to discover details that lend credibility to the email.
Whale Phishing Scams
Whale phishing refers to attacks directed specifically at senior executives and other high-profile targets.
What Can Your Business Do to Avoid Phishing Emails?
Using the proper tools and safeguards will help IT departments head off phishing attacks before they can hit employees’ inboxes.
1. Install security software
Installing security software is your first line of defense against phishing scams. Antivirus programs, spam filters and firewalls cut down the volume of phishing that reaches users, but none of them catch everything, so the remaining safeguards in this list still matter. You can also deploy web filters to stop employees from reaching known malicious websites, and configure email authentication (SPF, DKIM and DMARC) for your own domain so that attackers cannot easily send mail that appears to come from your exact domain. Note that email authentication does not stop look-alike domains, which is why the user-focused tips below remain necessary.
2. Keep software updated
Keeping software current with the latest security patches and updates also decreases your chances of getting caught in a phishing scam. Schedule regular updates and continually monitor the status of all software and equipment. The FTC recommends keeping the following updated:
- Security software
- Operating system software
- Internet browsers and apps
3. Protect remote workers
Establishing BYOD (Bring Your Own Device) policies is essential in protecting your email from phishing attacks if you have employees who work remotely. Require device encryption for remote workers and route their traffic through your VPN so that the same web filters and monitoring that protect the office also apply at home. A VPN by itself does not block phishing sites; it is the filtering behind it that does.
4. Schedule regular backups
When was the last time you tested your backup and recovery plan? If you can’t remember, chances are you’re long overdue. Phishing is a common delivery route for ransomware, and scheduling regular backups helps ensure that your data can be recovered if an attack succeeds. Keep at least one copy offline or otherwise isolated from the network, so that an attacker who compromises a user account cannot encrypt or delete the backups too.
5. Enforce password policies
Keep policies in place that govern allowable passwords. A generous minimum length does more for strength than forcing numbers and special characters, and screening new passwords against lists of known-breached passwords stops users from choosing ones attackers already have. Note that current NIST guidance (SP 800-63B) recommends against mandatory periodic expiration and strict composition rules, since they push users toward predictable patterns; reset passwords when there is evidence of compromise instead.
Learn all about password policy best practices.
6. Use multi-factor authentication
Require two or more credentials to log in to company accounts. Deploying multi-factor authentication means that a password stolen through phishing is not, on its own, enough to get into your systems. Prefer phishing-resistant methods such as FIDO2 security keys or platform passkeys where you can: SMS codes and push prompts can themselves be relayed or prompted for by a phishing site in real time.
What Can Your Employees Do to Avoid Phishing Emails?
Technology alone will not stop every phishing email, so the people reading the mail are a critical layer of defense. Educating your employees on what to look out for and how to respond is tremendously helpful in thwarting phishing attempts. Let them know that if they’re ever unsure about the content of a suspicious email, they should contact your IT department, Help Desk or designated response team before responding.
Train new users on company security measures as part of their orientation. Regularly update and inform all employees of changes to internet security policies and procedures to keep new information top of mind.
7. Avoid emails from unknown senders
If you have employees in a customer service capacity who regularly receive emails from the public, this may be challenging. However, spam filters should help weed out malicious messages. Have your employees take the following steps to minimize risk from emails that appear to come from colleagues or other known contacts:
- Forward rather than reply: If an email looks suspicious (even if it’s from someone you’d typically trust), forward it in a new message to the address you already have on file for that person rather than hitting Reply. Replying sends your answer to whatever Reply-To address the attacker set, not necessarily to the person shown as the sender.
- When in doubt, call them: Still not sure? Call the sender directly, using a phone number you already know rather than one printed in the email.
8. Beware of spoofing
While this may seem obvious, “spoofing” scams can fool even the most observant. One kind of spoofing entails creating an email address that is very similar to the address of someone you know.
For example, an address like “emily@example.com” could be changed to “ernily@example.com.” If Emily is someone you talk to regularly, you may not notice that the “m” in her first name is actually the letters “r” and “n,” which resemble an “m” in many fonts. Look at the actual address, not just the display name, and check the domain as well as the name in front of the “@”.
These scams can be especially dangerous if the person spoofed is in management or from companies you know. Some phishers use real company logos in their correspondence to make them look legitimate. People often feel safe providing sensitive information to those they trust.
9. Do not provide personal information or click on suspicious links
Do not provide personal or confidential information unless you have verified the request directly with the person making it. Legitimate organizations do not ask for passwords, full card numbers or similar secrets via email; treat any such request as suspect.
If you can confirm the request via phone, text or a separate email to a contact you already have, you have a better chance of avoiding danger.
Employees should be wary of links in email, even when the message appears to come from a trustworthy source. If you’re unsure, open a new browser window and type the URL you know into the address bar rather than clicking the link. Another method is to hover your cursor over the sender name or over the link: the real address appears in a tooltip or the browser’s status bar. If the link is malicious, the destination usually won’t match the text shown in the email, or the domain won’t be the one you expect.
10. Be on alert for threats or urgent deadlines
When spoofing is combined with threats or deadlines, the chances of falling for a phishing scam are higher still. Creating a sense of danger or urgency (like the threat of a fine or account closure) often tempts people to make rash decisions. If you’re unsure, contact the company in question separately, through a website or phone number you already know rather than one given in the message.
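Several of the checks in tips 7 through 10 can be done mechanically before a message ever reaches a person: a sender address that differs from a known contact only by look-alike characters, a Reply-To on a different domain than the From address, urgency language in the subject, and a link whose visible text names a different host than its real destination. The script below is an added example written for this article, not a Helixstorm tool or code from the original page. It uses only the Python standard library; the sample message, the address book (KNOWN_CONTACTS) and the list of confusable character pairs are all constructed for illustration.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email): a clone of a note from a known
# colleague, sent from a look-alike address, with a Reply-To on another domain,
# an urgent subject, and a link whose visible text does not match its target.
SAMPLE = b"""From: Emily <ernily@example.com>
Reply-To: billing@exarnple-support.test
To: you@example.com
Subject: URGENT: invoice overdue - your account will be closed today
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please review the invoice before close of business today.</p>
<a href="http://203.0.113.7/login">https://portal.example.com/invoices</a>
</body></html>
"""

KNOWN_CONTACTS = {"emily@example.com"}  # constructed address book of trusted senders

# Character pairs that look alike in many fonts; "rn" for "m" is the article's own example.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("|", "l"))

# Words that signal manufactured urgency (tip 10); matched on whole words only.
URGENCY = re.compile(r"\b(urgent|immediately|suspended|closed|fine|final notice)\b", re.I)


def normalize(addr):
    """Fold look-alike sequences so 'ernily@example.com' compares equal to 'emily@example.com'."""
    folded = addr.lower()
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    return folded


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def shown_host(text):
    """Host named by link text that itself looks like a URL, or None if the text is just words."""
    if not re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", text, re.I):
        return None
    return urlparse(text if "://" in text else "http://" + text).hostname


def triage(raw):
    """Return the red flags found in one raw RFC 5322 message (empty list if none)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    flags = []

    _, sender = parseaddr(str(msg.get("From", "")))
    if sender not in KNOWN_CONTACTS and normalize(sender) in {normalize(k) for k in KNOWN_CONTACTS}:
        flags.append("lookalike-sender")  # tip 8: "rn" masquerading as "m"

    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != sender.rsplit("@", 1)[-1].lower():
        flags.append("reply-to-mismatch")  # tip 7: Reply would go to a different domain

    if URGENCY.search(str(msg.get("Subject", ""))):
        flags.append("urgency-language")  # tip 10: threats and deadlines

    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        collector = LinkCollector()
        collector.feed(html.get_content())
        for text, href in collector.links:
            shown, actual = shown_host(text), urlparse(href).hostname
            if shown and actual and shown.lower() != actual.lower():
                flags.append("link-text-mismatch")  # tip 9: hover target differs from shown URL
                break
    return flags


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run against the constructed sample, `triage` reports all four flags; a plain note from emily@example.com with no Reply-To and ordinary links produces none. The look-alike check deliberately normalizes both sides, so it also catches “exarnple.com” standing in for “example.com” in the domain, not just the name in front of the “@”. In a real deployment you would feed it messages from a mailbox or gateway rather than the inline sample, and treat its output as a triage hint for the help desk, not as a verdict.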
11. Pay close attention to email content
Scammers often run phishing attacks from other countries. While many phishing scams are quite sophisticated, many of them make mistakes that are easy to catch if you’re paying attention. Spelling and grammar errors, along with content and images that aren’t quite “right,” are common red flags.
Boost Your Email Protection and Cybersecurity with Helixstorm
Feeling overwhelmed by your email and cybersecurity needs? Let Helixstorm ease your worries.
With more than 50 years of collective industry experience, Helixstorm offers a wide range of cloud and virtualization solutions, 24/7 managed IT support and professional consulting. Helixstorm aligns technology to support strategy and solve business challenges.
Learn more about ways Helixstorm can help protect your business from phishing and cybersecurity attacks by scheduling a complimentary IT strategy session.