The Phishing Expedition You Want to Avoid This Summer

Take these 12 steps to avoid an undesired visitor to your company's information or personal data.

learn more about Robert Siciliano

By Robert Siciliano • Jun 6, 2014 Originally published Jul 7, 2014

Opinions expressed by Entrepreneur contributors are their own.

It's as easy for hackers to phish out your business' personal data as it is to sit in a canoe on a still pond, cast the bait and wait for the fish to bite.

Malware attacks have become more pronounced than ever against banks. A report "The Invisible Web Unmasked" notes that just from July to September 2013, more than 200,000 new attacks occurred. This was made possible, in part, by the decision makers at banks (and other businesses) who fail to instill an anti-phishing mind-set in employees.

Related: The Internet of Things: New Threats Emerge in a Connected World

Despite the threat of malware attacks, many businesses continue to fail to teach employees about phishing scams, a favorite and extremely prevalent scam of cybercriminals.

One type of phishing scam is to lure a user onto a malicious website. ZeuS (Zbot) is such an example, planted on websites. If a user visits that site, it will download a virus onto a device that will steal the user's online banking information, then forward it to a remote server, where the thief can obtain it.

But that ingenuity is contingent upon an individual's being gullible enough to open a phishing email and then click on the link to the malicious site.

And who are these gullible users? Probably someare your employees. One report by the security training firm ThreatSim says that 18 percent of phishing emails are opened on the job, Eweek reported. People in the workplace are being lured into clicking on a malicious link.

Though some of this might arise when employees are fiddling around with personal affairs on the company computer or mobile device, sometimes this clicking is done because the employee believes that an email is business related.

Decision makers should mandate monthly training sessions for employees to make them phishing-proof.

Without training sessions, employees will be led to believe that their company routinely communicates urgent information to them via emails with links. According to a recent report, one particular phishing operation netted a 27 percent click-response rate.

Another factor in the likeliness that a business's device will become infected is if it has outdated versions of commonly used software such as Adobe Acrobat and Microsoft Silverlight.

Even if you believe that your company's phishing attacks are minimal, a small amount of this type of cyber assault can result in significant costs to a company, involving such things as cleaning up the damage, plus employee downtime during the operation:

Employees should be cautious about the following, according to the Anti-Phishing Working Group:

Related: CEOs Can No Longer Sit Idly By on Cybersecurity

1. Be careful about email from an unfamiliar sender. If it's earthshaking news, notified will probably come in person or via a voice phone call.

2. Don't trust an email from an employee that requests personal information, particularly financial data, or to donate to a charity. Even if the message contains the name and logo of the business's bank, phone the bank and inquire about the email.

3. Be suspicious of an email requesting credit card information, a password or a username.

4. Be wary of an email subject line that's of an urgent nature, particularly if it concludes with an exclamation point. Never rush to click on an email no matter how urgent the subject line appears.

5. Consider never clicking on links in emails. To visit a site, do a web search to find it.

6. Use a password manager to access online statements instead of clicking on the links in estatements.

7. Keep the computer browser up-to-date.

8. If a form inside an email requests personal information, enter delete to chuck the email.

9. Use the most up-to-date versions of Chrome, Internet Explorer and Firefox offer optional anti-phishing protection.

10. Check out special toolbars that can be installed in a web browser to help guard a user from malicious sites. This toolbar provides fast alerts when it detects a fraudulent site.

11. Use anti-spyware, antivirus and anti-phishing software and a firewall.

12. Stay out of the spam folder. Most phishing attempts end up in spam and lots of fish get caught there.

Related: Cybersecurity Basics: Surf the Web Safely With These Browsers

Robert Siciliano

Personal Security, Privacy and Identity Theft Expert

Robert Siciliano, CEO of, is committed to informing, educating and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.

Related Topics

Editor's Pick

This Co-Founder Was Kicked Out of Retailers for Pitching a 'Taboo' Beauty Product. Now, Her Multi-Million-Dollar Company Sells It for More Than $20 an Ounce.
Have You Ever Obsessed Over 'What If'? According to Scientists, You Don't Actually Know What Would Have Fixed Everything.
Most People Don't Know These 2 Things Are Resume Red Flags. A Career Expert Reveals How to Work Around Them.
Starting a Business

5 Ways to Expand Your Pet Sitting and Dog Walking Business

The new book, Start Your Own Pet Business, details easy ways to add new revenue streams to your biz.

Business Ideas

55 Small Business Ideas To Start Right Now

To start one of these home-based businesses, you don't need a lot of funding -- just energy, passion and the drive to succeed.

Business News

Massive Fire At Top Egg Farm Leaves Estimated 100,000 Hens Dead. What Does This Mean For Egg Prices?

Hillandale Farms in Bozrah, Connecticut went up in flames on Saturday in an incident that is still under investigation.

Business News

Survey: A Majority of Americans Are Living Paycheck to Paycheck

Sixty-four percent of U.S. consumers live paycheck to paycheck — even those who earn more than $100,000 a year.

Business Solutions

5 Procurement Trends To Keep on Your Radar for 2023

Procurement professionals must adapt to inflation and a shortage of skilled labor in the face of an economic recession. Investing in a workforce paired with retraining and development strategies will put your company on top amid economic uncertainty.