Most of us have grown wary and can recognize the most common scams in our personal emails, although these types of scams still cost victims an average of $2100 per event.

Phishing emails are getting more and more sophisticated, however—and they’re affecting unsuspecting employees in the workplace.

What is a phishing email?

Phishing emails typically contain a link or attachment that can introduce malware to a user’s device. Thanks to filters, many of these emails automatically end up in spam, but this isn’t always the case. 

Sometimes the emails direct the user to a website that’s been spoofed, prompting the user to reveal their login credentials or other sensitive information, which could lead to a security breach within your company. 

The latest cybersecurity statistics show that email is a critical vulnerability for most businesses.

According to Verizon’s 2019 Data Breach Investigations Report, 94% of malware attacks begin through email, a common entry point for hackers and for exploiting security flaws.

Furthermore, 43% of data breaches affect small businesses. The average small business loses approximately $50,000 per cybersecurity incident, and unfortunately, at that level, owners may not be able to recover their losses.

4 common email phishing techniques your team needs to recognize, to keep your business safe.

1. Do NOT click that link or open that attachment

It almost goes without saying that you should never click links or open an attachment from a sender you don’t know, but it still happens. Clicking on a link or downloading a file could introduce malware into your system—and possibly, your entire network—leading to big headaches for all involved. 

Always hover over URLs to check the destination, and never download any attachments you weren’t expecting to receive.

2. Check that the email is really coming from who you think it’s coming from

Common phishing emails appear under the name of someone you know (your co-worker or CEO, for example), but the email address behind that name won’t be correct.

It never hurts to double-check the email address of the sender. If you have a question, you can always email the person separately, using the email address you have for them, and confirm whether they sent the suspicious email to you.

3. Logos and brand images can fool you

Just because you see a company’s logo or trademark image doesn’t mean that the email is coming from a trusted source. Images are easy to download and reuse to make a phishing email look more legitimate, so don’t click if something looks off.

4. If you think a subject line or email looks suspicious, you’re probably right

No doubt you’ll receive an urgent email or two at work, but any urgent email concerning a password change, revised policy, or other security alert can wait until you’ve verified its authenticity. 

Even when an email arrives from the correct address, it may not be safe: one of the most common and dangerous cybersecurity threats is a trusted sender’s email that has been hacked. If a message looks like it came from Susan in HR but doesn’t sound like her, or doesn’t sound like a request she would make, it’s worth making a quick call to check before opening the email.

Cybersecurity events are becoming more and more sophisticated, but with proper training and knowledge, you and your team can save time, grief, and unrecoverable loss of data and business funds. 

Don’t know how vulnerable your organization is to a phishing attack? Schedule a call with our experts for a cybersecurity assessment.