Contact us today!

FRS Pros Blog

Have You Prepared Your Employees to Catch Phishing Attempts?

Have You Prepared Your Employees to Catch Phishing Attempts?

While it initially sounds promising to hear that the number of data breaches seen last year went down significantly, it is important to recognize that the number of data records leaked as a result more than doubled. One clear cause was the resurgence in the use of the underhanded malware variety known as ransomware. With this suggesting an increased threat of ransomware incoming, can you confidently say that your business’ team is ready to deal with it?

For your business’ data and operations to remain secure, you will need to take a two-pronged approach—both teaching your team to avoid phishing and evaluating them on their overall preparedness through simulated attacks.

How a Phishing Attack is Carried Out

To start, let’s review the overall process that the average phishing attack tends to follow:

  1. Posing as someone else, an attacker sends a message.
  2. This message can be written in a few different ways, framed as an enticing offer, a very unremarkable email, or a serious alert.
  3. Whatever the case may be, the user is encouraged to react by opening an attachment or following a link.
  4. Because these elements are what introduces the actual threat, these emails can often bypass security protocols and reach the unsuspecting target.

This—and the fact that a phishing attack against you is practically guaranteed to happen at some point—is precisely why it is so important that your team is prepared to spot them as they come in.

Elements to Identifying a Potential Phishing Attack

Have Your Team Think Like a Hacker

Hackers and scammers are unfortunately very crafty when it comes to their schemes, often tying in current events to add some perceived legitimacy. The past year has seen no shortage of COVID-19-themed phishing attacks, seeming to offer updates and information.

Hackers rely on user panic and impulsive reactions, so reinforce the importance that your users take an extended look at them before acting on them.

Demonstrate Risky Links

Hackers will also commonly use spoofed links to fool their targets. A spoofed link can take a few forms, but regardless of how it looks, it will direct a user to a website different from the one they expected to go to.

Spotting these links can be tricky, so here are a few best practices to follow. Let’s assume that the spoofed link is meant to look like one that directs to the payment application Venmo as we go through some examples:

If the email is from Venmo, a link should lead back to or If there is anything strange between “venmo” and the “.com” then something is suspicious. There should also be a forward slash (/) after the “.com.” If the URL was something like, then you are being spoofed. Everyone handles their domains a little differently, but use this as a rule of thumb:

  • - Safe
  • - Safe
  • - Safe
  • - Safe
  • - Suspicious! (notice the dot immediately after Venmo’s domain name)
  • - Suspicious!
  • - Suspicious! Don’t trust dots after the domain!
  • – Suspicious! Be careful to pay attention to the spelling!

As you can imagine, some of these tricks are easier to spot than others, so extra diligence will be called for here.

Provide Your Team with Approved Links

To be particularly cautious, you could also consider giving your team the safe versions of the URLs they are to use. That way, they can seriously investigate the validity of an email without exposing themselves to risk.

Maintain Secure Password Standards

Finally, you need to ensure that your team’s passwords are secure enough that your business isn’t vulnerable that way—because if passwords are too easy to deduce, there isn’t going to be any need for phishing in the first place. Your team should also be supplementing these passwords with additional measures like two-factor authentication, making a breach that much more challenging for a hacker to pull off.

Testing Your Team

Once you’ve taught your team the various things they’ll need to know, you should also confirm that they can apply them. A phishing test is an effective means of doing just that. In a phishing test, you have your own team members phished to evaluate how vulnerable they are to this form of attack. That way, you know where more training needs to be applied.

What a Successful Phishing Test Involves

An effective phishing test, naturally, cannot be one that is expected. Any warning you give should be vague so that your team isn’t on their guard more than they would normally be.

At the same time, you need to be ethical in how you run these tests. Too many companies have received backlash after running phishing tests with questionable tactics, and such tests don’t do much to benefit your security. As with everything else, your phishing tests cannot infringe on the trust of your team.

Speaking of trust, you can trust FRS Pros to assist you with your security needs. Call 561-795-2000 to find out more.

Test Your Backup Before You Regret Not Doing It
What Bases Should a BDR Cover?

By accepting you will be accessing a service provided by a third-party external to

Mobile? Grab this Article!


Tag Cloud

Tip of the Week Security Technology Best Practices Productivity Business Computing Network Security Privacy Hackers Software Internet Google Innovation User Tips Efficiency Cloud Hardware Data Workplace Tips Microsoft Email Communication Hosted Solutions Small Business Business Management Business Smartphones Computer Mobile Devices IT Support Cybersecurity Android Data Backup Windows 10 Collaboration Backup IT Services Tech Term Malware Disaster Recovery VoIP Smartphone Data Recovery Phishing Browser Users Upgrade Gadgets Windows Outsourced IT Office 365 Miscellaneous Communications Internet of Things Information Quick Tips Apps Ransomware Covid-19 Cloud Computing Network Mobile Device Managed Service Data Security Cybercrime Business Continuity Saving Money Social Media Health Automation Passwords Managed IT Services Operating System Microsoft Office Mobile Device Management Facebook Wireless Blockchain Two-factor Authentication Holiday Vulnerability Employer-Employee Relationship OneNote Conferencing Money Save Money Artificial Intelligence Information Technology Alert Law Enforcement Server Spam Best Practice Printing Mobile Office Applications Networking Wi-Fi Chrome IT Support Managed IT Services Managed IT Virtualization Battery Telephone Systems Access Control Tech Support Paperless Office Router Risk Management Bring Your Own Device Password Google Drive Settings Remote Vendor Data Storage HIPAA Retail WiFi Remote Workers Word Hacking Windows 10 Gmail Patch Management BDR Project Management Windows 7 Computers Managed Service Provider Data Breach Unsupported Software Augmented Reality BYOD Bandwidth App Productivity Apple Fraud Sports Management Training Instant Messaging History Sales Proactive IT Evernote SaaS User Error Telephony Mobile Security Hosted Solution Touchscreen Smartwatch Google Assistant Search Avoiding Downtime Mobility Cortana Update Hybrid Cloud Data Loss Wireless Internet Shortcut Voice over Internet Protocol Politics Audit Data Protection Wireless Charging Meetings Google Docs Going Green Social Devices Government Business Technology Software as a Service IT Management Budget Cost Management Robot Hard Drive Display Wireless Technology Human Resources Application Marketing The Internet of Things WannaCry Encryption Travel YouTube Commerce Data Management Safety Excel Payment Cards File Sharing VPN iPhone Financial Payroll Facebook Privacy Managed Services Reputation Camera Webinar Windows Server 2008 R2 Data storage Scams Organization Hacker Tablets Maintenance Access Employees Consultant AI Proactive Firewall PCI DSS Emergency Sync Chromecast Employee Remote Monitoring Storage Social Engineering Remote Computing Telephone Workstation FAQ Security Cameras eCommerce Biometrics Point of Sale Edge Projects IT solutions PowerPoint Admin Virtual Private Network Keyboard NFL eWaste Internet Exlporer OneDrive Entertainment Websites Hyperlink iOS WIndows Server 2008 Processor Regulations Compliance Compliance Break/Fix Hosted Desktop Identity Theft Identities Development Telework Charger Laptop Machine Learning Fiber Optics Office Ciminal Uninterrupted Power Supply Transportation Identity Printers Windows 10s HBO Data Theft Saving Time Computer Care Nanotechnology Innovations Device Security Private Cloud Employee-Employer Relationship Screen Mirroring Server Maintenance Remote Work Value Wasting Time Benchmarks Policy Adobe Workers Medical IT Unified Threat Management Smart Devices Vendor Management Legislation Language Micrsosoft Audits Touchpad Amazon Downtime Holidays Scam Data Privacy Solid State Drive Gifts Computing Files Gamification Keyboard Shortcuts Root Cause Analysis Managed IT Service Remote Working Education Windows Ink DDoS Emails Cast Investment Net Neutrality End of Support Accessory Computer Fan Myths Procedure Licensing Updates Recovery 5G Upgrades Sabotage Troubleshooting Samsung Comparison Disaster Hard Disk Drive Business Intelligence Solutions Outlook Humor Virtual Assistant E-Commerce Copiers Microsoft Excel IT budget Credit Cards App store Memory Managed Services Provider Reviews Google Maps Spyware Testing ROI Internet Service Provider Legal Computer Forensics Peripheral Threats Video Conferencing Microsoft Word Administrator Personal Information PC CRM Antivirus Specifications Virus IT Solutions Digital Signage Printer Streaming Media Alexa for Business Inventory Lithium-ion battery Chromebook Co-Managed Services Flexibility Music PDF Smart Technology Thank You Monitors Mobile Computing Communitications Scalability Analytics Text Messaging Television CrashOverride Congratulations Company Culture Black Market Cleaning Big Data Office tips Automobile Advertising Managing Stress USB Worker Regulation How To Books Hiring/Firing Video Games Experience Twitter Virtual Reality HaaS Work/Life Balance Current Events Electronic Medical Records Crowdsourcing Employer Employee Relationship Relocation Phone System Benefits Save Time es Cache Computer Accessories