Get All Access for $5/mo

How to Identify 5 Common Phishing Attacks The likeliest cyber threat individuals or small companies will face is an email with an urgent tone and prying questions.

By Ken Levine Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Shutterstock

Phishing attacks are emails or malicious websites (among other channels) that solicit personal information from an individual or company by posing as a trustworthy organization or entity. The goal of a phishing is to trick the recipient into taking the attacker's desired action, such as providing login credentials or entering identifying information into a fraudulent website. These websites may contain malicious code that executes on the user's local machine when a link is clicked from a phishing email to open the website.

Entrepreneurs and small businesses can be especially vulnerable to these types of threats, as many of these organizations lack the full-featured network and data security processes and protocols that large organizations employ. Vigilance will help prevent an individual or organization from falling victim to a phishing attack that puts sensitive personal and corporate data at risk.

Related: The Phishing Expedition You Want to Avoid This Summer

5 types of phishing attacks.

Phishing attempts most often take the form of an email that seemingly comes from a company the recipient knows or does business with. USA.gov lists some widespread phishing scams reported from agencies and corporations, revealing that phishing emails can take many forms. Five of the most popular forms of phishing attacks are:

  1. Emails from people claiming to be stranded in a foreign country, asking you to wire money so that they can travel home.
  2. Emails claiming to be from reputable news organizations capitalizing on trending news. These emails generally ask recipients to click a link to read the full story, which in turn leads the user to a malicious website.
  3. Emails claiming to be from organizations like the FTC and FDIC, referencing complaints filed or asking recipients to check their bank deposit insurance coverage.
  4. Emails threatening to harm recipients unless sums in the thousands of dollars are paid.
  5. Emails claiming to be a confirmation of complaints filed by the recipient. Not having logged any complaints, recipients are inclined to click on these links to find out what is being referenced. The links and attachments contain malicious code.

Phishing emails can take other forms, but all types make it difficult for recipients to filter out phishing emails from legitimate messages.

Related: IBM Uncovers New, Sophisticated Cyber Scam Targeting Businesses

How to identify phishing attacks.

Phishing is most often initiated through email communications, but there are ways to distinguish suspicious emails from legitimate messages. Training yourself and employees on how to recognize these malicious emails is a must for companies to prevent sensitive data loss. Often, these data leaks occur because employees were not armed with the knowledge they need to help protect critical company data. The following may be indicators that an email is a phishing attempt rather than an authentic communication from the company it appears to be:

  • Emails with generic greetings. Phishing emails often include generic greetings, such as "Hello Bank Customer" rather than using the recipient's actual name.
  • Emails requesting personal information. Legitimate companies never ask customers to enter login credentials or other private information by clicking on a link to a website. This is a safety measure to protect consumers and help customers distinguish fraudulent emails from legitimate ones.
  • Emails requesting an urgent response. Most phishing emails attempt to create a sense of urgency, leading recipients to fear that their account is in jeopardy or they will lose access to important information if they don't act immediately.
  • Emails with spoofed links. Does a hyperlink in the message body actually lead to the page it claims? Never click on these links to find out; instead, hover over the link to verify its authenticity. Also, look for URLs beginning with HTTPS. The "S" indicates that a website uses encryption to protect users' page requests, and that it's from an authorized certificate authority.

When in doubt, call. If the content of an email is raises concerns, call the company in question to find out if the email was sent legitimately. If not, the company is now aware and can take action to warn other customers and users of potential phishing attempts appearing to come from their organization.

Related: 8 Simple Ways to Minimize Online Risk

Ken Levine brings more than 20 years of startup and business leadership experience to his role at Digital Guardian. He previously served as senior vice president and general manager at McAfee (now Intel Security), via its 2011 acquisition of NitroSecurity, a developer of security information and event management (SIEM) tools, where he was CEO and Chairman.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Side Hustle

At Age 15, He Used Facebook Marketplace to Start a Side Hustle — Then It Became Something Much Bigger: 'Raised Over $1.6 Million'

Dylan Zajac, now a 21-year-old senior at Babson College, wanted to bridge the digital divide.

Side Hustle

'I Just Hustled': She Earned More Than $300,000 Wrapping Gifts Last Year — and It All Started With a Side Hustle

When Michelle Hensley lost her husband to cancer, she needed to figure out how to earn an income for her family.

Franchise

McDonald's Announces the Return of the Snack Wrap in 2025 — Here's What to Expect From Its Comeback

The decision comes after years of persistent customer demand for the portable snack, which debuted nearly two decades ago.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

OpenAI Just Released Its Text-to-Video Generator, Sora. Here's How the New AI Could Impact Small Businesses and Creators.

Sora has a variety of use cases for businesses, from social media campaigns to video creation.

Innovation

These Entrepreneurs Created a League That Turns Gamers Into Pro Race Car Drivers: 'We're Giving Drivers a Sustainable Career Path'

Racing Prodigy's innovative E2Real sports league is lowering the high-cost barrier to entry for drivers to take their passion to the track.