Phishing attempts can be devastating for both an individual or an organization, but you can avoid disaster by following these six simple steps.

Companies and individuals alike are constantly being bombarded by phishing attempts. Through a phishing attempt, a cyber criminals will attempt to request confidential information from you, often login information to another system. Once they gain access, they will either try to secure digital documents or financial information. Phishing is often a prelude to identity theft, but it can be protected against. You just need to know how phishers think.

1. Phishers Aren’t Exactly Creative

There are probably some genius phishers out there, but for the most part they are individuals who are just trying to get the job done. And because of that, they are going to use a lot of similar tactics time and time again. Phishers even tend to reuse headlines. According to KnowBe4, the top 5 phishing headlines for Q2 2017 were:

  • Security Alert
  • Revised Vacation & Sick Time Policy
  • UPS Label Delivery 1ZBE312TNY00015011
  • BREAKING: United Airlines Passenger Dies from Brain Haemorrhage
  • A Delivery Attempt was made

Once you start recognizing these types of headlines, you’re pretty likely to avoid phishing attacks.

2. Phishers Are Looking for, Well, Gullible People

Have you ever wondered why so many scam emails look like they might as well be scrawled in crayon? Well, it’s intentional. Scam emails are riddled with misspellings and grammatical errors not only because the scammers couldn’t care less, but also because they’re intentionally looking for people who aren’t paying attention. And even if you may know that the word “PayPal” isn’t spelled ‘PayPel,” it can be easy to overlook when you’re in a rush.

Many phishing attempts can be avoided simply by reading your emails carefully. While it’s possible that a Fortune 500 company may send an email blast with a glaring typo in it, it isn’t common. Lazy mistakes are one of the easiest ways to spot a phishing attempt.

3. Phishers Just Want Your Data

It may seem to be obvious, but it’s actually important to remember: phishers want data. Specifically, they want biographical information, financial information, and account information. By remembering that, you can be wary anytime someone asks you for any of this information. Your bank shouldn’t ask you for this. Your website accounts shouldn’t ask you for this. No one but a phisher should ever ask you for this information.

Most phishers are going to try to override your common sense by trying to introduce some element of urgency. See “Security Alert,” which is designed to panic you into thinking that your system is already compromised — or “A Delivery Attempt was made,” which makes you think that you could be missing an expensive or important package. These things are designed to make you feel as though you need to take action now.

But in life, there are seldom things to do with our financial or home security that has to be done immediately. Even banks have business hours. Take some time to think things through and you can avoid most phishing attempts.

4. Phishers Can Send Anything from Anywhere

Just because it comes from doesn’t mean it’s actually from there. Phishers spoof email addresses very effectively. They can also make an email look exactly like the email that you got from Amazon, eBay, or PayPal — and they can make a pretty educated guess that you have an account there. It’s even possible that a phisher may know your name.

Nothing can be taken for granted when it’s in your email, because email is actually a very insecure kind of platform. Email is a lot like physical mail: anyone can stick anything in there, regardless of legitimacy or where it actually came from. This is why you need to be skeptical, because everything can look extremely legitimate but not be.

Whenever someone is requesting information of you, it’s best to request information back from that entity directly. That means get on the phone with PayPal’s customer service or send a direct email to Amazon’s customer support. They will let you know if there’s truly a problem.

5. Phishers Like to Prey on Greed

And it makes sense; they’re greedy, so why shouldn’t you be greedy too? Phishers don’t just try to use a sense of urgency; they also try to draw you in with things such as “limited time offers.” Anything that seems too good to be true likely is; when was the last time someone walked up to you on the street and offered you $500?

Because of this, you need to be very skeptical anytime someone is offering you something — especially for nothing. That doesn’t mean you shouldn’t open a 10% off coupon from Nordstrom, but it does mean that an advertisement for a “free vacation” is probably just looking to collect your identity.

6. Phishers Can Be Defeated by Technology

Finally, would you believe that technology can often identify phishing attempts better than people? Technology has advanced enough that artificial intelligence now has the common sense to detect a lot of phishing attempts — and that can be a boon for anyone who is running a business and wants to make sure their employees are on the same page. Because let’s face it: it’s probably not going to be you who opens a phishing email in your office, it’s probably going to be someone in accounting.

Modern technology can conduct very comprehensive scans for phishing attempts, thereby greatly reducing the amount of potential risk. And that is exceptionally important for businesses looking to scale up.

Phishing attempts are increasing dramatically as cyber criminals both gain resources and learn newer, more sophisticated ways to get past security systems. Because of that, companies need to be incredibly proactive — and all individuals need to follow the above six tips. If you want to learn more about securing your {city} company from these and other threats, contact {company} at {phone} or {email}.