Email has transformed business and personal communications forever. It also saves businesses time and money. However, email has a dark side because criminals can use it to launch phishing attacks.

What Is Phishing?

Not to be confused with fishing or the rock band Phish, phishing is a technique attackers use to try to bait victims into believing they’re someone they’re not. Most phishing attacks are made using email, but criminals use other methods.

According to Verizon’s 2022 Data Breach Investigations Report, 20% of all data compromises occurred last year due to phishing.

Cybersecurity concerns are top of mind

Who’s at Risk of Phishing Attacks?

You and your employees are at risk of phishing attacks. Some attacks may be on all employees, while others target specific people. Those targeted the most often include senior executives and their assistants, system administrators, help desk employees, and those with remote access or access to sensitive information. However, anyone can be targeted, and anyone can be a victim of a phishing attack.

Save on business insurance - CTA

Related Posts

Sign Up for ZenMail

The best of Zensurance news, tips, and resources are delivered straight to your inbox.


What Types of Phishing Attacks and Scams Are There?

There are numerous ways criminals will try to attack you. Here are some of the most common types of phishing attacks:

  • Email phishing. This is the most common type of attack. It’s typically sent to as many people as possible within an organization. There is usually a sense of urgency in the message, asking the recipient to respond as quickly as possible. A malicious link in the email may bring them to a fake webpage to fill in some personal information or a request to buy gift cards and include the codes in the response.
  • Spear phishing. This is a targeted attack sent to a select few individuals at an organization. Criminals may impersonate someone the targeted individual works with or knows. The email will typically include the recipient’s name to make it more personal. Again, there may be a sense of urgency included in the email.
  • Whaling. In this instance, a senior executive (known to criminals as a bigger fish) is targeted. The email will typically force the recipient to act because of the content of the message, such as the intention to sue the individual or the organization.
  • Business email compromise (BEC). A criminal will successfully take control of an executive and use their account to get employees to do their bidding, such as sending a wire transfer. BEC is also known as CEO fraud.
  • Vishing. This is also known as voice phishing. A call will be made from what appears to be a financial institution or government body, claiming that a large sum of money is owed or there’s suspicious credit card activity. The criminal may ask to verify their bank account information or credit card details.
  • Smishing. Criminals can send SMS or text messages to pose as a legitimate organization. Included in the message will often be a malicious link that will require the user to enter some personal information.

While social media phishing is another type of phishing attack done through one of those platforms, criminals have become much more sophisticated over the years by using social media to gather information. They can look up potential victims on Facebook or LinkedIn and quickly be able to find their friends, co-workers, and business contacts. Criminals can use this information and pose as someone in a potential victim’s network or circle of friends. That is called social engineering.

How to Recognize a Phishing Attack

The federal government suggests you should look out for red flags in a message, such as:

  • Language that pressures you to act quickly
  • Requests for personal information or to verify passwords and information
  • Spelling and grammar mistakes
  • Email addresses or links that look suspicious
  • Blurry images or a design that doesn’t look professional

What to Do If You Suspect a Phishing Attack and How to Report It

If you’re not sure whether an email is a phishing attack, the best plan of action is:

  • Don’t click on any links. Check out the organization in your web browser for more information. That way, you know you’re getting information from a legitimate source.
  • Don’t download unexpected files. A legitimate organization typically won’t send you files or forms without telling you ahead of time.
  • Contact the sender directly. Don’t reply to the message. Instead, reach out to the sender by finding the contact information on their official website.
  • Report it. Notify your IT or security department immediately. Don’t forward the email to any other co-workers because they may accidentally click on something. You should also notify the federal government’s Canadian Anti-Fraud Centre.

4 Ways to Prevent Phishing Attacks

If you want to know how to prevent phishing attacks, here are four tips to keep in mind:

1. Remove phone and email addresses from your website

While this information is good to have from a customer service standpoint, it also makes it easier for criminals to target your company and employees.

2. Ask your employees to avoid oversharing on social media

You can ask employees not to reveal their location, job position, work email address, screenshots of conversations, and phone numbers and addresses on social media. On Facebook, it makes sense if nearly all that information isn’t in their profile. However, many may balk if you ask them to exclude their job position or location on LinkedIn.

3. Improve cybersecurity measures

You should consider doing the following: use email security systems to filter out potentially hazardous emails; block users from accessing certain sites through website filtering; use strong passwords, change passwords frequently, and use different passwords for different devices and accounts; avoid inputting personal information on unsecure sites (those with ‘http’ in the URL instead of ‘https’), and install security updates for software or devices as soon as they’re available instead of waiting for a more convenient time.

4. Educate yourself and your employees

Knowing what a phishing attack looks like can help prevent them from being successful. Cybersecurity training should be mandatory for everyone at your organization.

Can Insurance Protect Your Business From a Phishing Attack?

While there isn’t specific coverage for phishing attacks, there is cyber liability insurance. It helps protect your business if you or one of your employees falls victim to a phishing attack.

Ultimately, there’s no guaranteed way to stop phishing attacks from occurring.

However, in addition to ensuring you have adequate cyber liability protection, phishing attack prevention starts with taking additional cybersecurity measures and recognizing what could be a malicious attempt to steal information from you. Educating both yourself and your employees about how to prevent phishing attacks can save you trouble and money.

Recent Posts

  • Online shopping scams

How to Avoid Scams When Selling Online

By |December 18th, 2023|

Every retailer selling online or online sellers using third-party marketplaces risks falling prey to fraud and cybercrime. During the busiest shopping season of the year, here are common scams to be wary of and the steps to take to protect your business.

Share This Story:

About the Author: Craig Sebastiano

Craig Sebastiano is an award-winning business writer based in Toronto. He has written for a variety of financial publications and websites. He has written about several topics, including investing, insurance, real estate, mortgages, credits cards, banking, pensions, saving for retirement, and taxes.