Don't click that suspicious link! Recognize and report phishing.

Cybersecurity Awareness Month – Phishing

Next on our topic list for Cybersecurity Awareness Month is the number one form of cyberattack: phishing (sadly, this article isn’t about dancing with an inflatable cactus in the lawn section).

Phishing is a deceptive practice where attackers trick individuals into providing sensitive information or installing harmful software, often to steal money or data. This is typically done by encouraging victims to click on malicious links, open dangerous attachments, or share confidential information. Phishing scams can be disguised as legitimate emails from trusted sources, such as your boss, a colleague, or even a friend.

(Image: password phishing graphic showing robbers at a computer with fishing lines)

During my time as a grant writer, we occasionally received emails that appeared to be from our CEO, asking us to confirm payment of a bill through a link. Since the CEO’s office was within shouting distance of my desk, it was fairly easy to confirm that she hadn’t sent that request. Of course, receiving an unusual request that fell far outside of typical procedures was the biggest hint that a scammer was trying to get into our systems.

While directly asking the supposed sender (not via email!) is the easiest way to confirm if an email is legitimate, this may not always be possible depending on who the scammer is trying to impersonate.

(Image: phishing graphic showing a thief impersonating a friend to steal money through a phone)

According to the National Cybersecurity Alliance’s (NCA) 2024-2025 cybersecurity report, 67% of individuals surveyed had confidence in their ability to identify a phishing attempt. The most commonly reported steps used to confirm whether an email was legitimate were:

  • Checking for poor spelling and grammar errors,
  • Verifying the email is from a legitimate email address, and
  • Identifying if the email requests private or sensitive information, like bank details.

The growth of AI has increased the sophistication of phishing scams by improving scammers’ ability to produce believable emails that will convince people to click a malicious link. This makes employee awareness even more important for businesses; ensuring employees are trained in identifying phishing attempts is a simple way to reduce potential data breaches or financial losses.

Whether in a professional or personal setting, the NCA recommends three steps to avoid falling victim to phishing scams:

  • Recognize common signs
    • Urgent or emotionally appealing language
    • Requests for personal or financial information
    • Unexpected attachments
    • Untrusted shortened URLs
    • Email addresses that do not match the supposed sender
    • Poor writing/misspelling

  • Resist and report
    • Report suspected phishing emails by using the “report spam” feature in your email (where available).
    • Phishing emails can also be reported to the FTC and the Anti-Phishing Working Group.

  • Delete
    • Delete the message without replying, forwarding, or clicking on any attachments or links, including an “Unsubscribe” link.

Additionally, here are some basic questions to ask when looking for signs that an email is a phishing scam:

  • Do the ‘From:’ details match the sending details?
  • Does it ask you to carry out an action you wouldn’t usually do?
  • Does it include a link or attachment you don’t recognize?
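As an added example (not code from the post or from Blip Tech), the small Python checker below applies the signs listed above to a raw email: 'From:' details that differ from where replies go, a display name showing a different address than the real sender, shortened URLs, urgent wording, and attachments. The shortener list, urgent phrases, and the sample message are constructed assumptions, not data from the article.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed for this example: extend these lists for real use.
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}
URGENT_PHRASES = ("urgent", "immediately", "within 24 hours", "account will be suspended")

def sender_domain(header_value):
    # Domain of the address in a From/Reply-To/Return-Path header ('' if none).
    addr = parseaddr(header_value or "")[1].lower()
    return addr.rsplit("@", 1)[1] if "@" in addr else ""

def phishing_signals(raw_email):
    # Return the red flags found in a raw RFC 5322 message (empty list = none found).
    msg = message_from_string(raw_email)
    flags = []
    from_domain = sender_domain(msg["From"])
    # Do the 'From:' details match where replies and bounces actually go?
    for header in ("Reply-To", "Return-Path"):
        other = sender_domain(msg[header])
        if other and other != from_domain:
            flags.append(f"{header} domain {other!r} differs from From domain {from_domain!r}")
    # Display name that shows a different address than the real sender.
    display_name = parseaddr(msg["From"] or "")[0].lower()
    if "@" in display_name and from_domain not in display_name:
        flags.append(f"display name {display_name!r} hides real sender {from_domain!r}")
    # Body checks run over every text/plain part (handles multipart too).
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    text = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace") for p in parts).lower()
    for host in re.findall(r"https?://([^/\s>'\"]+)", text):
        if host in URL_SHORTENERS:
            flags.append(f"shortened URL host {host!r}")
    flags += [f"urgent phrase {p!r}" for p in URGENT_PHRASES if p in text]
    flags += [f"attachment {p.get_filename()!r}" for p in msg.walk()
              if p.get_content_disposition() == "attachment"]
    return flags

# Constructed sample resembling the CEO payment request described in the post.
SAMPLE = """\
From: "jane@acme-corp.example" <billing@acme-corp-invoices.example>
Reply-To: jane.doe.ceo@freemail.example
Subject: Payment confirmation needed

Please confirm payment of the invoice immediately: http://bit.ly/abc123
"""

if __name__ == "__main__":
    for flag in phishing_signals(SAMPLE):
        print("-", flag)
```

Run against the sample, it reports four flags (Reply-To mismatch, misleading display name, shortened URL, urgent wording); a clean internal message yields an empty list.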

To learn more about phishing (which goes beyond emails) and how to ensure your employees are informed, check out this in-depth guide from CybSafe.

Don’t let the scammers go phishing with your data; contact Blip Tech at support@bliphelps.com to learn how our technology security and compliance services can protect your business today.
