Phishing fools the best employees. Impersonation has become slick – emails look nearly identical to those you’d get from a bank, shipping service, or online retailer. Even government agencies get used to perpetuate the scam.  

6 Phishing-wary Best Practices

  1. Recognize the sender’s email address. Then stop. Look again, and don’t click on the link or open the attachment. If the topic seems even a hair out of character for the sender, it may be coming from a hacked account.
  2. Hover your cursor over the suspect link. If the heading says it’s from your bank but the web link that you see when you hover your cursor over the link doesn’t match, don’t click the link!  It would be a good idea to report these scams to your bank or other legitimate sender you may communicate with.
  3. Don’t recognize the email address or sender? Definitely don’t click. And perhaps let your IT department know a strange email is in your Inbox.
  4. Weren’t expecting an email from this sender? Use the telephone! Yes, an old-fashioned call to verify that the email is legitimate could save your company a world of hurt.
  5. Pay close attention to emails directing you to websites that look just a little off. Fake sites often impersonate real ones.
  6. Update software security and anti-malware software when it’s released. Don’t swipe it off the screen or keep clicking “install later.” That’s the kind of procrastination cyber attackers count on.
  7. Backup data frequently, then test those backups. You want to know that a data restore action actually works. If it doesn’t, rethink your backup strategy.

Your best bet to combat phishing attacks? Workforce awareness.


By Chris Apgar, CISSP