
Fighting Phishing Email Scams: What You Should Know


By: Brand Barney, SecurityMetrics


Phishing email scams are more effective than you may think. 



When you think of social engineering, you may picture someone walking into your business and stealing data from servers, workstations and so on. But companies aren't only being socially engineered in person; it happens online too. Many employees fall victim to phishing email scams, which can lead to data breaches and the loss of important information.

What is a phishing scam?

Phishing is social engineering carried out over the Internet, most often by email. Criminals impersonate legitimate businesses and plausible situations to convince their victims to hand over personal information such as Social Security numbers, passwords or card data.

Some phishing emails get the victim to click a link or open an attachment that installs malware on the device. The malware gives the attacker a foothold, from which they can steal sensitive data or move further into the network. Others claim that an item you purchased online can't be shipped because the credit card number was wrong, the billing address didn't match, and so on. They then have you click a link to a spoofed website that asks for "updated" payment and shipping details, which go straight to the attacker.

SEE ALSO:  Top 10 Types of Phishing Emails

Why do phishing email scams work?

With all the online scams that are happening, you’d think we’d be more wary of phishing email scams. Yet, these types of scams are responsible for a lot of lost data in companies.


Here are some reasons why phishing scams still work:

We’re trusting 
We’d like to believe the people emailing us are genuine. It’s human nature to want to trust others, especially those that reach out to us. Unfortunately, social engineers take advantage of that and use it to steal from companies.


Good phishing emails look official 
Attackers copy a company's logo, layout and wording to make the email look convincing. Just as an in-person social engineer looks like they belong in your building, a phishing email looks like it came from the company it claims to represent.


They prey on our fear 
If we're scared, we tend to not act logically. Some phishing emails take advantage of that, using scare tactics to cause us to make an impulsive decision. For example, you may receive an email stating that you have had a breach of your personal banking information, and you need to click on a link to log in and change your online banking password. The attacker is banking (pun intended) that you will want to quickly protect yourself or check your online balance to ensure you still have money after the “breach.”

SEE ALSO:  7 Ways to Recognize a Phishing Email

How do you combat phishing email scams?


  • Be skeptical: Always verify requests with the company you are working with, especially if they involve sensitive information. If a bank emails you asking for credit card information, call them using the phone number on your card or their official website, never a number or link from the email itself. Avoid sending important data over email when possible.
  • Train employees: Make sure your employees know what phishing emails look like and what to do if they suspect they've received one. Hold training at least quarterly, if not monthly.
  • Have policies: Establish procedures employees should follow when they receive a phishing email or anything else that seems suspicious. This should cover how to verify whether an email is legitimate, who to notify, and how to handle the message (for example, report it rather than forward it).



Phishing is easier than you think

Phishing email scams are more of a danger than many companies realize. And it doesn’t take a particularly skilled attacker to create a successful phishing campaign.

Like in-person social engineering, phishing targets the weakest link in a company's security: its employees. An untrained employee can inadvertently cause a great deal of damage to their company by falling for a single phishing email.

Remember, when it comes to emails, be smart and be careful with sharing your data.

Brand Barney (CISSP, HCISPP, QSA) is a Security Analyst at SecurityMetrics, has over 10 years of data security experience, and will totally geek out if you mention Doctor Who. Brand loves to play jazz piano and daydreams about being as great as Dave Brubeck or Thelonious Monk. 

