Fight the Phish: How to Identify and Handle Phishing Attempts  

October 15th, 2021

What's the number one threat vehicle that results in a cyber breach? Phishing emails. While you might still see the infamous email from a foreign prince asking you to click a link so he can send you money, phishing emails are growing in sophistication. 

Phish Bait

In honor of Cybersecurity Awareness Month, Defendify empowers organizations of all sizes to do their part by being cyber smart. Implementing more robust security practices, raising community awareness, educating vulnerable audiences, and training employees make our interconnected world safer and more resilient for everyone. In this post, we're focusing on how organizations can fight phishing attacks. 

Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate contact. Interacting with a phishing email can infect your computer and/or network with things like malware or ransomware, and can expose you to the theft of login credentials, personal information, or money. With an average loss of $17,700 every minute, the best way to prevent a costly phishing attack is to know how to spot a phishing attempt and what to do when you receive one.

Phishing Tackle

With proper training, organizations can educate employees on how to spot a phishing attempt before falling prey to an attack and how to handle it once identified. The number one key is to be wary of emails, text messages, or chat boxes that come from a stranger or a sender you were not expecting. Before clicking on any suspicious emails – or the links or attachments contained within – consider whether you know what they really contain and whether they are actually coming from the presumed source. Purporting to be a respected sender, attackers can send emails to specific and well-researched targets to gain access to personal or company information.

Phishing simulation emails sent to employees can be designed to mimic real-life phishing attacks in execution and style. These simulated attacks help guard an organization against social-engineering threats by training employees on the right tactics to identify and report them. Regular but randomly sent phishing simulation emails help protect employees from falling victim to an actual phishing attack by keeping them alert and aware of what to look out for.

When in Doubt, Check it Out.

If you're unsure of a potential phishing message, the best thing is to verify a sender's authenticity through a different method. Contact the purported sender through a phone call, instant message, or text message – and not by responding to the original email – to ensure you do not fall prey to a phishing attack. 

While it may not be possible to stop every phishing attack, there are steps that organizations – and individual employees – can take to build a strong cyber posture and limit the opportunity for bad actors to get ahold of sensitive information. Check out our recap of a recent webinar on how to mitigate advanced phishing attempts. 

Put that Phish on Ice

Get tips on how to fight phishing attempts by taking on the Cyber Food for Thought Awareness Challenge. Show you can improve your cybersecurity for a chance to win one of five $100 gift cards from Goldbelly, the online marketplace for regional and artisanal foods.

Cyber Food for Thought Challenge

As part of the challenge, watch "How to Spot a Phish: Tips to Spoil Advanced Phishing Attempts" and register for Defendify's Lunch N' Learn presentation, "Keep Away From Cyber Nightmares."

If you're hungry for more cybersecurity awareness, check out these additional resources from Defendify's associations:

Cyber Readiness Institute: Phishing Awareness Checklist

NCSA: Customizing End User Cybersecurity Education Tip Sheet

CompTIA: 4 Steps to Building Better Cybersecurity
