Fighting Phishing Email Scams: What You Should Know

Phishing email scams remain one of the top threats to companies.


Phishing email scams are more effective than you may think

Despite how long phishing emails have been around, and despite employee training on how to spot them, they remain one of the top threats to companies. Phishing emails are also becoming more sophisticated and therefore more difficult to detect. Many employees fall victim to phishing email scams, which can lead to data breaches and the loss of important information.

What is a phishing scam?

Phishing is a type of Internet-based social engineering. Cybercriminals pose as legitimate businesses and use plausible situations in their emails to convince victims to hand over personal information, such as Social Security numbers.

Some phishing emails will have the victim click on a link, which introduces malware to the user’s device. The malware can then grant access to the attacker, leaving them free to steal sensitive data. Other emails will state that an item you purchased online can’t be shipped because the credit card number or the billing address was wrong. They then have you click on a link to a spoofed website that asks for updated payment or shipping information.

See also: Top 10 Types of Phishing Emails

See also: White Paper: How to Effectively Manage a Data Breach

Why do phishing email scams work?

With all the online scams that are happening, you’d think we’d be warier of phishing email scams. Yet, these types of scams are responsible for a lot of lost data in companies.

We’re trusting

We’d like to believe the people emailing us are genuine. It’s human nature to want to trust others, especially those who reach out to us. Unfortunately, social engineers take advantage of that trust and use it to steal from companies.

Good phishing emails look official

Some emails can recreate a company logo and make the email look convincing. Just like a social engineer in person looks like they belong in your company, phishing emails look like they are part of the company contacting you.

They prey on our fear

If we're scared, we tend not to act logically. Some phishing emails take advantage of that, using scare tactics to push us into impulsive decisions. For example, you may receive an email stating that your personal banking information has been breached and that you need to click on a link to log in and change your online banking password. The attacker is banking (pun intended) on you wanting to quickly protect yourself or check your online balance to ensure you still have money after the “breach.”

See also: 7 Ways to Recognize a Phishing Email


How do you combat phishing email scams?

  • Be skeptical: Always verify everything with the company you are working with, especially if it involves sensitive information. If a banking institution emails you asking for credit card information, call them at their business phone number to verify. Avoid giving important data over email when possible.
  • Train employees: Make sure your employees are aware of phishing emails and what to do if they suspect they’re receiving one. Hold quarterly training meetings, if not monthly.
  • Have policies: Establish procedures for employees to follow if they receive a phishing email or anything that seems suspicious. This could include how to verify whether an email is legitimate, who to notify, and how to deal with such an email.

Phishing is easier than you think

Phishing email scams are more of a danger than many companies realize. And it doesn’t take a particularly skilled attacker to create a successful phishing campaign.

Similar to social engineering, phishing targets the company’s weakest link in security: the employees. An untrained employee can inadvertently cause a lot of damage to their company if they fall victim to a phishing campaign.

Remember, when it comes to emails, be smart and be careful with sharing your data.
