How to Protect Your Company Against Phishing Attacks


Email phishing scams have shown no sign of slowing down since they first appeared in the mid-90s. Unfortunately, scammers have become much savvier and more devious than the infamous Nigerian prince scams of old (the ones where someone is unjustly imprisoned, kidnapped, or exiled and can’t escape without your monetary help).

There are two main types of phishing emails:

One aims to get targets to click on links that will install malware, or viruses, on a device.

The other tricks their target into giving up personal information like usernames, passwords, and even cell phone numbers.

Because phishing is so prevalent today and because the financial consequences could be dire, we’ve compiled simple ways to recognize and prevent phishing attempts from being successful against your business.

First, make sure that all computers and other devices used by employees have security software installed. This should help prevent malware-type attacks. Also, employees should set new updates to install automatically if your company is not currently using a centralized patch management solution. New versions are often released to fix security holes, and if you don’t update right away, you can leave yourself open to attack.

Other things to watch out for:

  • If you are unsure, always look for the source of the email. If you hover over or click on the sender name, you can view the email address to see if it is legitimate. In most phishing situations, the name is one taken from your contacts, but the email address is clearly not your contact’s.
  • Emails with grammatical errors are always suspicious. While people do make mistakes, emails from companies are often pre-written for mass sending and have been proofread multiple times. The same applies to emails from companies that you have an account or a relationship with that don’t address you by name (e.g. Dear Customer).
  • If an email directs you to a website that you think looks legitimate, check to see if the URL has a lock icon in front of it. This means that the connection to the website is secure. You can also examine the full URL by clicking in the bar. If there is something at the beginning that you don’t recognize as the business name ( e.g. ), the website is a clone of the original and not safe.
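
The sender and URL checks in the list above can also be automated, for example in a mail filter or a tool for reviewing reported emails. The following is an added example, not part of the original article; the contact list, trusted domain, sample message, and function names are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data (assumptions): known contacts and trusted domains.
CONTACTS = {"Jane Doe": "jane.doe@example.com"}
TRUSTED_DOMAINS = {"example.com"}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []  # href value of every <a> tag seen
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def host_is_trusted(host):
    """True only if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_message(raw):
    """Return a list of warnings for one raw email message."""
    msg = message_from_string(raw)
    warnings = []
    name, addr = parseaddr(msg.get("From", ""))
    expected = CONTACTS.get(name)
    if expected and addr.lower() != expected.lower():
        warnings.append(f"display name '{name}' does not match address {addr}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for link in collector.links:
        parts = urlsplit(link)
        if parts.scheme not in ("http", "https"): continue
        if parts.scheme != "https":
            warnings.append(f"link is not HTTPS: {link}")
        if not host_is_trusted(parts.hostname):
            warnings.append(f"link host is not a trusted domain: {parts.hostname}")
    return warnings

SAMPLE = """From: Jane Doe <jane.doe@example.net>
Subject: Invoice

<p>Dear Customer, <a href="https://example.com.login.invalid/reset">sign in</a>.</p>
"""
if __name__ == "__main__":
    for warning in check_message(SAMPLE):
        print(warning)
```

The sample link uses HTTPS and begins with the business name, yet it is still flagged because the registered domain at the end of the host name is not a trusted one.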

Overall, teach your employees that when they are unsure about the legitimacy of an email, they should go directly to the website rather than using the links in the email, or call an official number found online rather than the one in the email. Additionally, if you know the real person contacting you, call or email them directly. This will resolve any legitimate issues without exposing you to potential risks.

The more wary employees are of emails, the less chance there is of a company falling victim to a phishing scam.


This article was written by Heather Bowers, a graduate of West Chester University, who is interning with Kistler Tiffany Benefits.