It's not as easy as it once was to spot and avoid phishing attacks. Yes, lots of attempts never make it to inboxes these days, and others are sent to spam or junk folders, but it only takes one click to cause damage.

The biggest advantage in today's fight against phishing attacks and threats? Not even the best scammer can outsmart skepticism.

Let's examine the three main ways phishing attacks disguise themselves as bait to lure you in, the hooks used to harm you, and the best defenses at your disposal.

The Lure

An enticing, yet flawed, email featuring any of these traits:

  • Sender notes seeing suspicious activity on an account of yours and asks if you need assistance
  • There’s a request for payment to restore account settings or update your credentials
  • A request to confirm personal information or provide personal / company financial account details
  • Provides a link or attachment with a fake purchase order or invoice
  • Offers a link to pay a bill (when you hover over the link, the destination is fraudulent and doesn’t match the company’s secure portal)
  • Notifies you of a refund or rebate you can claim
  • Includes a “coupon” link or attachment

The Hook

Malware or ransomware lying in wait to snag you. If it’s phishy, steer clear and don’t bite! Even when scammers use “live bait” and it looks legitimate, scan to check for the hook first. Here are a few things to look for:

  • Egregious spelling and/or grammatical errors
  • Links that specifically ask you to update credentials or payment information
  • Urgency to act fast…or else
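The hover check from the lure list and the wording cues from the hook list can also be automated. The sketch below is an added example, not part of the original article: it flags links whose visible text names one domain while the destination is another, and reports pressure or credential wording. The cue list, function names, and sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed cue list based on the traits listed above (an assumption, not a standard).
CUES = re.compile(r"\b(urgent|immediately|act now|suspended|"
                  r"update your (?:password|credentials|payment))\b", re.I)
DOMAIN = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for each <a>, plus all body text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def host_of(value):
    host = (urlsplit(value if "//" in value else "//" + value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host  # ignore a leading www.

def review_email(html):
    """Findings for one HTML body; a subdomain of the displayed domain is not flagged."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, label in parser.links:
        shown, target = DOMAIN.search(label), host_of(href)
        if shown:
            claimed = host_of(shown.group(1))
            if target != claimed and not target.endswith("." + claimed):
                findings.append(f"link shows {claimed} but goes to {target}")
    cues = sorted({m.group(1).lower() for m in CUES.finditer(" ".join(parser.text))})
    if cues:
        findings.append("pressure or credential wording: " + ", ".join(cues))
    return findings

# Constructed sample message, not a real email.
SAMPLE = ('<p>URGENT: your account is suspended. Update your payment details immediately.</p>'
          '<a href="http://billing.example-pay.invalid/login">https://portal.example.com/pay</a>')
print(review_email(SAMPLE))
```

A link whose visible text carries no domain at all (for example "Pay your bill") produces no mismatch finding, so the manual hover check still applies to those.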

The Defense

There are several proactive steps you can take to curb the urge to bite and to help protect your credentials even if you do give them up.

  • Install security software and set your systems to automatically update so you’ll have the latest patches and capabilities to deal with the latest threats before they even reach your inbox
  • Enable multifactor authentication, which adds a security barrier beyond your username and password by requiring:
    • a passcode sent to a secondary device or account
    • an additional question to answer
    • a biometric identifier like a fingerprint, eye scan, or facial recognition
  • Back up your data to external hard drives and store information on secondary servers or cloud providers in case you need to recover from a ransomware attack

The key is NOT acting on, or giving way to, your emotions or the human impulse to respond.

No one ever got phished from not clicking, not downloading, or not opening fraudulent links or attachments!

By training and testing employees and staff regularly on cybersecurity awareness, you can educate your organization to safely steer clear of any attacks that do make their way through to an inbox.