
How to Spot a Phish: Top Six Tips for Employees

Phishing scams are a common occurrence, despite the fact that they are not a new technique. Phishers attempt to trick people into disclosing sensitive information by pretending to be a legitimate source. These attacks can happen over emails, advertisements, or even webpages. The key to avoiding this type of scam is to be vigilant about security awareness and employee behavior.

People are the first line of cybersecurity defense for organizations. This means that it’s in the best interests of an organization to prioritize people when assessing cybersecurity threats and incident prevention strategies. By constantly educating employees about current threats and risky activities, phishing incidents can be prevented.

With phishing scams becoming craftier and more believable, we wanted to share some guidance users can follow to quickly and easily identify a phishing attempt.

Here are our top six tips to help employees spot a phishing attack:

(1) Check sender email address


Often, cybercriminals pose as an authority figure, such as a boss, to scare the user into providing credit card numbers, account numbers, phone numbers, or other personal information. In the example below, you can see the sender’s name and email address do not align. Always be sure to check the sender address before replying with any information, especially when the message is sent with urgency.


(2) Validate through a secondary channel


This may seem obvious, but before sharing any details, call or text a number you already know to be correct (not one supplied in the message) to confirm the request. Without this step, users risk handing important information to cybercriminals, which can lead to widespread data breaches and network infiltration.

(3) Ask questions


If you do not have an alternate email or phone number for the alleged sender, ask yourself: is there any reason for me to get this now? Illegitimate urgent requests are frequently sent at odd hours, such as early mornings or late at night, in an attempt to catch users off guard. In addition, common sense goes a long way. The user could ask themselves: why would this person want to talk to me now? If you are collaborating on an important project, the request might make sense. However, if the request has no obvious reason and the sender doesn’t provide one, it should raise a red flag.

(4) Simply do not respond


If ever asked for personal or sensitive information such as home address, social security number, or bank information, do not give it out. Instead, alert security and IT teams of the sender’s address. The IT department can verify if a request is legitimate and, if not, share information about the potential threat to the rest of the organization.

(5) Beware of attachments and links


It is common for phishers to ask the user to click on a malicious link or download a malicious file. Be extra cautious when clicking on embedded links in emails. Be sure to hover over any hyperlink to see where it actually leads before clicking; the visible text of a link and its real destination can differ. It only takes one mishap for a phisher to infiltrate your organization.
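Tips 1 and 5 are both checks a mail gateway or a triage script can perform automatically: does the display name agree with the real sender address, and does the visible text of a link agree with where it actually points? The script below is an added example written for this post, not code from SecurityAdvisor or the original article. The sample message, the `KNOWN_SENDERS` directory and every address and domain in it are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message for illustration only; every name, address and
# domain here is a placeholder, not a real sender or organisation.
SAMPLE_EMAIL = """\
From: "Pat Morgan <pat.morgan@example-corp.com>" <alerts@mail-example.net>
To: employee@example-corp.com
Subject: URGENT - need this before 9am
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please review the invoice at
<a href="http://login.example-portal.net/auth">https://portal.example-corp.com/invoices</a>
and confirm.</p>
<p>Questions? See the <a href="https://example-corp.com/help">help page</a>.</p>
</body></html>
"""

# Hypothetical internal directory: display names we expect to see, and the one
# address each of them legitimately sends from.
KNOWN_SENDERS = {
    "pat morgan": "pat.morgan@example-corp.com",
}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
URLISH_RE = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:[/?#]\S*)?$", re.I)


def host_of(value: str) -> str:
    """Lower-cased host of a URL, or the domain part of an e-mail address."""
    value = value.strip()
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[-1].lower()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def check_sender(from_header: str) -> list:
    """Tip 1: does the display name agree with the real sender address?"""
    findings = []
    name, addr = parseaddr(from_header)
    addr_host = host_of(addr)
    # A display name that itself contains an address at some other domain.
    for embedded in EMAIL_RE.findall(name):
        if host_of(embedded) != addr_host:
            findings.append(f"display name shows {embedded} but message is from {addr}")
    # A display name matching a known colleague who sends from somewhere else.
    bare_name = EMAIL_RE.sub("", name).strip(" <>\"").strip().lower()
    expected = KNOWN_SENDERS.get(bare_name)
    if expected and expected.lower() != addr.lower():
        findings.append(f"'{bare_name}' normally sends from {expected}, not {addr}")
    return findings


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html: str) -> list:
    """Tip 5: does the text of a link match the host it actually goes to?"""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        # Only judge links whose visible text looks like a URL or domain;
        # plain words such as "help page" give nothing to compare against.
        if URLISH_RE.match(text) and host_of(text) != host_of(href):
            findings.append(f"link text says {host_of(text)} but goes to {host_of(href)}")
    return findings


def triage(raw_message: str) -> dict:
    """Run both checks over one raw RFC 822 message and return the findings."""
    msg = message_from_string(raw_message)
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    return {"sender": check_sender(msg.get("From", "")), "links": check_links(body)}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_EMAIL).items():
        for item in items:
            print(f"[{kind}] {item}")
```

On the constructed sample this reports two sender findings (the display name embeds an address at a different domain, and the known colleague is not sending from the directory address) and one link finding (the visible text names the corporate portal while the `href` goes elsewhere). The link check deliberately stays silent for anchors whose text is ordinary words, since there is no host to compare; those still deserve the manual hover described above.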

(6) Use extra precaution during busy times of the year


An important tip to keep in mind is that many cybercriminals tend to leverage busier times of the year. During the holiday season, users are more distracted or visit online shopping websites more frequently, providing an opportunity for attackers to catch targets off guard. During this time, phishers typically send discount offers via text or email, and have become highly sophisticated at impersonating brands to get users to click on malicious links. Other tactics used are emails or texts asking you to claim a prize you never entered. Delete the message, block the sender, and swiftly notify your IT department.

These baseline tips seem simple, but even highly technical and trained users can fall victim to these attempts. Combating sophisticated phishing and social engineering techniques requires a human-centric approach to cybersecurity. One of the simplest and most effective ways for businesses to educate their users and reinforce good behavior is to provide real-time reminders on how to identify and remediate threats. In turn, employees are much better equipped to act when presented with a cyber threat.

For more information about how SecurityAdvisor can help quantifiably reduce security incidents through personalized, real-time coaching, schedule a demo with one of our experts.
