ClearView IT Blog

ClearView IT has been serving the Phoenix area since 2005, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

How to Prepare Your Team to Fight Phishing


While last year saw a significant decrease in its number of data breaches, the number of records that were leaked doubled… and then some. Part of this can likely be attributed to a spike in the use of ransomware, indicating a resurgence of interest in this mean-spirited malware. This means that your business may very well see more ransomware infection attempts coming its way—the only question is, are your team members prepared for them?

To keep your business and its data sufficiently secured, it will be important to teach your team to effectively identify and avoid phishing. One effective way to do it: try and phish them yourself, via a phishing attack simulation.

How Does a Phishing Attack Work?

Let’s go through the basic process of a phishing attack, just as a quick review:

An attacker, posing as someone else, sends their victim a message making some promise or threat that somehow—either through fear or temptation—coerces their contact into reacting to it, usually by following a link or opening an attachment. This methodology allows such schemes to bypass many restrictions set by security protocols and solutions, as the vulnerability it takes advantage of is the human user.

Therefore, when it comes to defending against the phishing attempts that are virtually guaranteed to target your business at some point, your team members need to be prepared. Let’s discuss what you need to teach them, and how to best prepare them to make sure they’ll overcome any they encounter.

Phishing Lessons to Pass On

Remind Them How Hackers Think

It’s important that your users are cognizant of how clever hackers and scammers can be when it comes to their ruses, and how they often take advantage of current events and information. Many phishing attacks as of late have been themed around COVID-19, pertaining to updates, warnings, and offers of personal protective equipment.

Hackers will try to capitalize on user panic and knee-jerk reactions whenever they possibly can to keep these users from thinking before they act. Therefore, it makes sense to have users look more critically at their incoming messages to evaluate whether a message seems “phishy” or not.

Provide Signs of Problematic Links

A favorite tool of these hackers is that of the spoofed link—basically, a link to one website disguised as a link to another. Others will just use a URL that is different but looks passable enough to slip by unnoticed.

These domains can be tricky. Let’s look at a few red flags to keep an eye out for (in this case, the attacker using Amazon as a disguise):

If the email is from Amazon, a link should lead back to Amazon.com or accounts.amazon.com. If there is anything strange between “Amazon” and the “.com” then something is suspicious. There should also be a forward slash (/) after the “.com.” If the URL was something like amazon.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a rule of thumb:

  • amazon.com - Safe
  • amazon.com/activatecard - Safe
  • business.amazon.com - Safe
  • business.amazon.com/retail - Safe
  • amazon.com.activatecard.net - Suspicious! (notice the dot immediately after Amazon’s domain name)
  • amazon.com.activatecard.net/secure - Suspicious!
  • amazon.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!

Some of these things can be challenging to spot, so you and your users need to be extra careful about checking (and double-checking) links.
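The rule of thumb above can also be checked mechanically, for example in a mail-triage script. The following is an added example, not code from this blog: `classify_link` and its hostname-like path test are assumptions chosen to reproduce the labels in the list above, and the sample URLs are the ones from that list.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "amazon.com"  # the brand used in the article's example

# A path segment that itself looks like a hostname, e.g. "tinyurl.com".
# Coarse by design: it also flags file names such as "index.html", which
# matches the article's "don't trust dots after the domain" rule.
HOSTLIKE_SEGMENT = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$", re.I)


def classify_link(url, trusted=TRUSTED_DOMAIN):
    """Return ("safe" | "suspicious", reason) for a link that claims to be `trusted`."""
    # Links are often shown without a scheme; add one so urlsplit() puts
    # the host in .hostname instead of treating the whole string as a path.
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()

    # The real host is everything up to the first "/". It must be the trusted
    # domain itself or end in ".<trusted>" (a subdomain of it).
    if host != trusted and not host.endswith("." + trusted):
        return "suspicious", f"real host is {host!r}, not {trusted}"

    # Right host, but another domain name is embedded in the path.
    for segment in parts.path.split("/"):
        if HOSTLIKE_SEGMENT.match(segment):
            return "suspicious", f"path contains another domain: {segment!r}"

    return "safe", f"host {host!r} belongs to {trusted}"


# Sample input: the URLs from the article's list.
ARTICLE_EXAMPLES = [
    "amazon.com",
    "amazon.com/activatecard",
    "business.amazon.com",
    "business.amazon.com/retail",
    "amazon.com.activatecard.net",
    "amazon.com.activatecard.net/secure",
    "amazon.com/activatecard/tinyurl.com/retail",
]

if __name__ == "__main__":
    for link in ARTICLE_EXAMPLES:
        verdict, reason = classify_link(link)
        print(f"{link:45} {verdict:11} {reason}")
```

The key point the code makes explicit is that the host is read from the right: whatever sits immediately before the first slash decides where the link goes, no matter how many trusted-looking labels appear to its left.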

Give Safe Links to Use

Even better, you could provide your team members with the links they are expected to use when being directed to certain places by their clients, rather than using the links potentially given in an email. These trusted links can be a real lifesaver, particularly when it becomes apparent that an email was an attack that a trusted link has helped your team to avoid.

Enforce Password Practices and Processes

The security of your team’s collective password policies is important for you to address, as these passwords are often the keys to the castle that cybercriminals are phishing for. Therefore, you need to ensure that your team is not only using best practices but is also handling these passwords appropriately, using tools like two-factor authentication wherever applicable and being generally cautious.

Evaluating Their Preparedness

Finally, once you’ve taught them the signs and precautions, you need to make sure that you check their proficiency in following through. To do this, a phishing test is in order.

A phishing test is simply a phishing attack you run against your own business to help identify where your weaknesses are. Because it shows you which team members are susceptible to an attack, you can correct the vulnerability through training and other assistance.

What Makes a Successful Phishing Test?

To effectively run a phishing test, you should not inform your team that one is incoming—to do so would defeat the purpose of the evaluation. If you do, make sure you keep it vague and never specify when they should expect it—that way, you can avoid skewing your results.

However, you also need to keep basic ethics in mind. Being shady—like some companies have been concerning their phishing “evaluations” in the past (we’re looking at you, GoDaddy)—will not help your security. You want to communicate trust with your team, and hope it is reciprocated.

As for your other security needs, lean on ClearView IT for assistance. Give us a call at 866-326-7214 to learn more.

 
