Protect Your Business from Phishing Attacks

Don't Take the Bait: Protect Your Business from Phishing Attacks

On a typical Monday morning, a local engineering firm received an email that looked like it was from their bank. The message was well-written, free of spelling mistakes and even had the bank's logo on it. But something about it didn't feel right. The email claimed that their account had been compromised, and they needed to verify their information immediately—or risk losing access to their account.

As the team reviewed the email, they remembered the security training they had received the week before. They recalled that legitimate banks would never ask for sensitive information via email, and that they should always verify the authenticity of such messages. The team decided to call the bank directly using the phone number on its official website to confirm the email’s authenticity.

How Phishing Works and Why It Foils Smart People

Phishing attacks, like the one the team almost fell for, are designed to trick you into revealing sensitive information. They often create a sense of urgency, claiming that your account has been compromised or that you need to take immediate action to avoid a penalty. The goal is to get you to click on a link or provide sensitive information, such as your password or credit card details.

To protect yourself and your business, it's essential to be aware of these tactics. Here are some red flags to watch out for:

• Identity tricks: Be cautious of emails that ask you to verify your identity or login credentials. Legitimate organizations will never ask you to do this via email.
• Urgency tactics: Don't fall for emails that create a sense of panic or demand immediate action. Legitimate organizations will give you time to respond and verify the authenticity of the message.
• Money change tricks: Be wary of emails that ask you to update your payment information or send money to a new account. Legitimate organizations will never ask you to do this via email.

Got a Weird Email? Here’s What to Do

•  Don’t Click Anything
•  If an email looks off, slow down. Don’t click links or call numbers in the message.
• Instead, go to the company’s official website or use a phone number you already know to check if it’s real.
• Report It
• Forward the email to reportphishing@apwg.org
• File a quick report Report at Fraud.FTC.gov
• If the email talks about money or bank details, follow your company’s Banking Fraud (BEC) steps before moving any money bank details 

•  Unplug the device and disconnect from Wi-Fi or the network
•  Change passwords fast and remove any suspicious app permissions.
•  Reset the account’s password and remove any suspicious app permissions.
•  Review your Email Settings 
•  Notify your IT person or support team, and alert any vendors or clients who might be impacted

How to Make Phishing a Lot Harder to Pull Off

·     Lock Down Email

•   Set up protections like DMARC, SPF, and DKIM (your IT support can help)
•   Block emails from automatically forwarding outside your company
•   Add a banner to flag emails from outside senders

·     Keep Accounts Safe

•  Turn on strong multi-factor authentication (MFA)
•  Give admin access only to those who truly need it
•  Review who has access every few months

·     Train Without Boring Everyone

•  Do quick, fun phishing tests once a month

·     Always Double-Check Payments

•   Any time there’s a change to bank info, payroll, or vendor payments, call back using a number you already trust, not the one in the email.

Ready to strengthen your defenses?

Don’t wait until a phishing attack catches you off guard. Visit www.coxbusiness.com or contact our team today to learn how Cox Business can help protect your company with smart, scalable cybersecurity solutions.