Blog

If you have an email account, then chances are you have encountered your fair share of phishing and other forms of spam email messages.

Every day, 14.5 billion spam messages are sent, according to Spam Laws. That accounts for 45 percent of all email sent every day.

Email clients apply filters and separate most spam from your general inbox, but there will almost always be a message every so often that works its way through the filter. You can train your spam filter to recognize spam as much as you want - and you should - but certain types of malicious emails will still fool your filter - especially phishing scam emails.

As a business, phishing scams represent a serious potential vulnerability. It's important to know how to spot this type of spam that can sometimes find its way to your inbox and not the junk folder.

Once you know what to look for - how phishing is disguised - you can prevent a malicious email from stealing your business's data or other sensitive information.

What is phishing?

Phishing is a type of email message fraud in which the sender pretends - sometimes very convincingly - to be someone or some organization that they are not. This spam scheme is used to trick recipients into revealing information, including passwords, credit card numbers and other private information you would not want just anyone having.

Some hackers have even been known to convince recipients to click links to fake invoices and inadvertently download malware.

As a business, phishing scams represent a serious potential vulnerability. It's important to know how to spot this type of spam that can sometimes find its way to your inbox and not the junk folder.

Why phishing is a serious concern for businesses

The data that shows how phishing and other spam email are sobering enough.

Every year, spam ends up costing businesses billions of dollars due to lost productivity and the related technical expenses of dealing with spam. In 2016, three out of four companies were victims of phishing scams.

An FBI report cited by Inc. Magazine noted that criminals made $676 million in 2017 from email phishing attacks in which the sender tricked company executives and accounting departments with fake invoices.

These phishing attacks can affect businesses of every size. Even Facebook and Google fell victim to a major phishing scheme in 2017, costing the corporate giants $100 million.

If tech giants can fall for phishing, then anyone can. But there are ways to prevent becoming a victim.

Some phishing email giveaways

Some phishing emails are easier to detect than others. The less sophisticated attempts to separate you from your personal or business information have a few giveaways that should raise red flags.

Any email with numerous or grievous typos and grammatical errors should signify that the sender may not be who they claim to be. Over-the-top urgency in the content of the email can also serve as a warning to use caution.

Also, double check the sender's email address. In some cases, a phishing attack may pretend to be a different business or organization, but the email address domain doesn't match the business's website domain name.

That should be a dead giveaway that the email message is fake.

While you're double-checking the sender's email address, you should also use caution to verify that a link will send you where it says it will. Some phishing emails mask link urls behind text to make you think the link is legitimate. When in doubt - don't click. Type the link URL into your browser.

Finally, if the message asks for your log-in information or other private data, such as a Social Security number or banking information, the message very likely could be a phishing scheme.

Reputable organizations and companies will never ask you to provide this information over email.

What to do if you aren't sure whether an email is authentic

There are steps you can take to verify the authenticity of an email.

First, though, don't reply directly to an email if you aren't sure whether it is legitimate. Try to verify by calling a trusted phone number or sending a separate message to a trusted email address.

In some cases, a sophisticated hacker may have compromised a person's actual email account. If any alarm bells go off (maybe the sender doesn't sound like themselves), reach out to that person.

It never hurts to find out whether an email is real.

Prevention is the best way to battle phishing

The best way to protect against phishing email messages is to make sure your employees know what to look for. BidPrime's Stephen Hetzel, writing for The Next Web, recommends having a policy in place that states any suspicious emails be forwarded to a single person who can then evaluate its legitimacy.

Solomon Thimothy of OneIMS writes that he recommends employees use different passwords for each of the services and platforms that they use for work. There are tools that can help relieve you of the burden of remembering all these different passwords, too.

Your company should also have reliable antivirus software, according to Andrew Schrage with Money Crashers Personal Finance. We couldn't agree more. As Andrew points out, too many businesses overlook this simple-but-critical security measure.

Read more tips from The Next Web.

Protect your business's data

The FTC has several recommendations for protecting your business from phishing attacks.

Among them, are regularly backing up your data, keeping all your software up to date and using email authentication technology that can screen against suspicious emails before they reach your inbox.

Partner with a knowledgeable IT services provider

It takes a lot of time and resource investment to stay updated on phishing and other security risks your business may face. That's why it's important to find an IT services provider that is both knowledgeable of prevention techniques and solutions for when your business may have been compromised.

The Advanced Network Professionals team are experts in their fields, including network security. And we're ready to help you protect your company.

Get in touch and we will identify possible security solutions for your business.