Phishing scams are nothing new and are one of the biggest cyber threats to a business. According to Proofpoint, more than 80% of companies were targeted by phishing cybercriminals in 2021. Do you know how to spot phishing attempts at your organization?

Understanding the different types of phishing strategies is the first step to stopping them from infiltrating your organization. Let’s examine the different types of phishing attacks, ways to spot them, and how to block phishing emails.

Types of Phishing Attacks

What is phishing? Phishing is an email or text message scam that tricks users into providing personal information either by clicking on a link or opening an attachment. The emails or text messages appear to come from someone the recipient trusts, either a supervisor, colleague, or in some cases, a family member.

Not all phishing attempts are the same, and there are several different ways a cyber thief can deploy a phishing attack. The most common types include:

  • Deceptive: Deceptive phishing is the most common type of scam. In this method, attackers impersonate a company the user is familiar with to steal personal information or data. The emails may look real and even include legitimate links to trick the user into falling for the scam.
  • Spear: Spear phishing is a more targeted type of a deceptive phishing attempt. With spear phishing, the criminal will specifically target an individual with personal information they can find on the Internet. A spear phishing email may contain the user’s full name, place of employment, job title, email address, and even specific information about their role at their company.
  • Whaling: Whaling is similar to spear phishing, however, targets senior leadership such as the C-suite. With whaling, scammers impersonate the CEO, CFO, or another high-level team member with the hope the recipient will “follow orders” from a superior. The requests are typically to complete a financial transaction or respond to the email with personal information.
  • Smishing: Smishing is a type of phishing attack that uses text messaging rather than emails, but the goal is still the same – to get a user to click on a malicious link or provide personal information. Many phishing criminals will send text messages disguised as a bank and claiming there was suspicious activity with the user’s bank account or credit card.
  • Vishing: Vishing is much the same as smishing, however, the platform switches to a phone call rather than a text message. Senior citizens are particularly at risk for vishing attacks. The caller will pose as someone in an authoritative position to be able to obtain bank account numbers, credit card information, and more.
  • Pharming: As users have become more aware of email phishing, fraudsters have changed their strategy to include pharming. With pharming, users are redirected to a fake or “spoof” website that essentially appears to be a real website. The fake sites are designed to capture a user’s personal information such as their social security number, website credentials, account numbers, and more. Pharming is implemented when the hacker sends malicious code in an email that redirects traffic to the fake website.
  • Angler: Angler phishing is a fairly new type of phishing attempt that targets social media users, particularly ones who are frustrated with customer service at a financial institution. The cybercriminal will pose as a customer service rep for the company and respond to a complaint using a handle that includes the name of the institution. The fake account will attempt to “resolve” the complaint and ask the user to click on a link to talk to an agent. Once the link is clicked, the fraudster can install malware on the user’s computer or steal business data.

While there are different methods of phishing, they all share the same goal. The email (or text message or phone call) may ask for a password, billing information, credit card numbers, or other sensitive data. Once the information is shared, hackers can infiltrate a company’s network and steal information or deploy malware. Phishing is a real risk for all sizes of organizations, from small businesses to large enterprises. If you are concerned about phishing attempts at your business, a cybersecurity team like Everound can help.

How to Spot Phishing Attempts

how to spot phishing attemptsIt’s more than likely that you have been the target of a phishing attempt either at work or at home. Were you able to spot it as suspicious? There are “red flags” to watch out for when determining if an email is real or a phishing attempt.
Here are ways to spot a phishing attempt:

  • Unfamiliar tone: Does the email from your friendly coworker down the hall come off as cold and monotone? Chances are, the email is a phishing attempt. Hackers don’t understand tone very well and some phishing emails are even written by bots. If the content in an email feels a little “off,” make sure you verify the sender actually sent you an email.
  • Spelling and grammatical errors: Most email platforms have a built-in spell check feature for outbound emails. If an email contains several spelling and grammatical errors, it may be a phishing attempt.
  • Inconsistencies with an email address, links, or domain: Another easy way to spot a phishing attempt is to look for inconsistencies with the domains in email addresses or links. For example, if you hover over a link in an email from your “bank” and the URL doesn’t contain the bank name or trusted domain, that’s a huge red flag.
  • Threats or a sense of urgency: Threats or a sense of urgency are often used in whaling. Your “CEO” may be busy in a meeting and ask you to quickly take care of sending a payment to a vendor. If you receive an email that feels out of character, is threatening, or creates a sense of urgency that is uncommon at your business, this is likely a phishing attempt.
  • Suspicious attachments: Attachments sent via email should always be opened with caution. Attachments can contain harmful viruses and malware that can infiltrate an entire organization quickly causing financial damages. If you receive an email with an extension such as .zip, .exe, .scr, etc., or another unfamiliar extension, be very cautious about opening it. Check with the sender by phone to see if they sent you a safe attachment.
  • Odd request: Did you get an email with a request to do something that is not within the normal scope of your job at work? Or perhaps an off-hours text message from your “boss”? Did your IT team send an email with an attachment and you weren’t expecting it? Odd requests are a sign of a phishing attempt.
  • Short and sweet: Some phishing emails are full of content and detail, and others are short and sweet. If you receive a message with a short note like “Per your request” or “As a follow up…” however didn’t request or need anything from the user, do not click on any links or open the attachment.
  • Request for a password or other sensitive information: This is by far the easiest way to spot a phishing email – when the requestor asks for a password or other sensitive information in an email. Passwords, bank account information, and personal data should never be shared via email. A savvier attempt is to send the user to a fake landing page and ask the user to enter their credentials. Remember – banks, financial institutions, and other reputable companies you do business with will not request your credentials via email or their website.

Learning how to spot phishing emails can reduce your risk of a data breach or other cyber threat. Phishing emails are always a little bit “off” and are suspicious. If you are unsure if you can tell the difference between a real email and a phishing scam, working with a cybersecurity team can help.

How to Block Phishing Emails

The first line of defense against phishing emails is learning how to spot them. Your information technology team is likely also implementing several strategies to block phishing emails all together.

How can you block phishing emails?

  • Security awareness training: Phishing attempts all rely on one thing – human interaction. You can reduce your threat and risk of being a target of phishing emails by implementing regular security awareness training at your organization. There are also phishing simulators that can send suspicious emails that are actually harmless to see if employees would fall for a phishing scam.
  • Anti-spam, anti-malware, and anti-phishing software: There are several cloud service software packages that include anti-spam, anti-malware, and anti-phishing support. This technology can identify and stop phishing emails before they even get to a user’s inbox.
  • DNS authentication services: DNS authentication services that include SPF, DKIM, and DMARC protocols help prevent fake websites (spoofing) and impersonation. With DNS authentication, users are blocked from visiting sites that are flagged malicious by the software.
  • Anti-impersonation technology: One of the cornerstones of phishing attacks is the criminal’s use of impersonation. Anti-impersonation technology scans inbound emails and detects abnormalities in headers, domains, and suspect body content.

Cybersecurity Services from Everound

At Everound, we make it our business to protect our clients from phishing and cyberattacks. As a managed IT services provider, we offer comprehensive cybersecurity solutions to protect organizations from phishing, data breaches, dark web threats, malware, viruses, and more.

Unsure if your business is protected and able to sustain a cyber threat? Reach out today for a free cybersecurity audit. We will take a look at your current IT infrastructure, assess vulnerabilities, and work with you to come up with a robust cybersecurity plan. Let us focus on your IT, so you can focus on your business.

Working remotely may have eliminated nuisances like a daily commute, but it also means you’ve likely been hit with digital overload. Even if you are in the office every day, you may still have a cluttered digital life that is getting in the way of productivity and even adding to your daily stress level.

Cluttered digital lives affect us much in the same way as a cluttered home. It can take longer to find something you’re looking for, create anxiety and stress, and slow down your productivity. From messy desktops (quick – how many files are saved on your desktop right now?) to blurred lines between work and home, a cluttered digital life can start to interfere with your day-to-day.

How do you break the cycle of a cluttered digital life? Let’s take a look at how to declutter your digital life and what benefits you will enjoy after you go through the process.

Ways to Reduce Digital Clutter

If you suffer from a messy digital life, have tech fatigue, or merely want to improve your productivity at work, here are ways to declutter your digital life at work (and home, too!):

Create a Digital Separation: One of the biggest hurdles that has popped up over the last decade, and even more in the last two years, is a very blurry line between work and personal life for many workers. How many times have you been working on a project one minute, then the other minute you are emailing teachers about your child’s homework?

While multitasking is certainly admirable, jumping back and forth can create inefficiencies. Set aside time either that is most convenient during your day to focus on non-work-related digital tasks. While you may not be able to stick to this 100% of the time, it can help you reduce some of the digital “noise” in your life.¬†

Turn Off Notifications: The average smartphone user gets as many as 63.5 notifications per day. Add on top the countless desktop computer notifications from emails and websites you quickly understand how being connected through our digital lives creates unnecessary clutter.

If you constantly pickup up your smartphone to reply to a text message or check social media notifications or stop a task to respond to an email, consider turning off notifications during your workday. Most smartphones can “snooze” notifications or go into “do not disturb” mode.

Clean Your Desktop: You know that feeling when the entrance to your home is cluttered with shoes, sporting equipment, toys, and yard tools? It feels chaotic and unmanageable.

Your desktop is very similar to your foyer or entryway – it’s the first thing you see when you sit down at your desk. Cluttered desktops can create a sense of disorder. Instead of saving a file to your desktop out of convenience, save it in its proper place from the start.

Create a Folder System: A good folder structure can save you time and help improve productivity at work. Not sure where to start or how to organize your folders? It’s best to come up with a system that mimics how you work.

Do you work on one project at a time? Set up folders by project name. Work on a time-based system? Set folders up by month or quarter.

Pro tip – create a template that contains your desired folder structure and copy and paste it for each new project or task.

Delete Contents of Downloads Folder: Your downloads folder is a key factor in your computer’s operating system. Many people overlook their downloads folder when trying to free up space on their computer, however, this is a very easy task to do to help keep your computer running in tip-top shape.

Deleting digital files you don’t need is generally good maintenance and doesn’t harm your computer. Not sure where to find your downloads? Check out this step-by-step guide on where to find your files.

Clear Out Your Email Inbox: Ugh – the dreaded email inbox! Chances are you have hundreds of emails sitting in your inbox. This creates an unmanageable “to-do” list and not only can it be stressful it can also make things hard to find easily and quickly.

Just like your folder system for saved files, create a folder system within your email inbox to help you organize and sort emails. There are many ways to approach this task, either by sorting by sender, topic, or follow-up. Many email platforms have built-in tools to keep you organized, too. Outlook, for example, offers a “follow-up feature” that will let you tag certain emails and assign a deadline for follow-up.

While you may never get down to just a few emails, taking time to sort and organize what you have can help you get on the path to productivity!

Click the Unsubscribe Button: Speaking of cluttered inboxes, how many emails do you receive and immediately delete without reading? Even though this takes mere seconds, unsubscribing can save you time – and stress – in the long run. Imagine opening up your email on Monday morning and not having to sort through what needs attention and what can be deleted? Get that inbox under control and keep it that way.

Benefits of a Digital Declutter

A digital declutter not only helps create control and organization in your work and personal life, but it can also have other tangible benefits. Specific benefits of a digital declutter include:

  • Fewer Distractions and Improved Productivity: When you separate your work and personal digital life, turn off notifications and digitally declutter, you will be surprised how many fewer distractions you have in your 9-to-5 day. With fewer distractions, you will have more time to focus on the task in front of you.
  • Improved Computer Performance: Anytime you delete files from your computer, it frees up memory space and more memory space = improved performance. Delete old files, emails, and even unused programs and applications to help improve your computer’s performance.
  • Reduce Stress: The biggest advantage of any kind of decluttering, whether physically or digitally, is reducing the amount of stress in your life. We could all use that, right?

Managed IT Services for Businesses 

Are you ready to start a digital declutter at work but aren’t sure where to start? At Everound, we can help you devise a strategy to create digital efficiencies for you and your team members using customized cloud services storage solutions, systematic folder structures, and creating best-practices and systems for your entire organization.

As a managed IT services company, Everound focuses on your IT so you can focus on your business. We offer IT consulting, cyber security services, disaster recovery, hardware and software installation and maintenance, cloud storage solutions, and more. Reach out today to find out how we can help you improve the information technology at your business.