Cybersecurity | September 14, 2023

Does Your Staff Click Bad Emails?

How versed is your staff in cybersecurity and phishing techniques? Hackers rely on catching people off guard, rushed, or creating some form of urgency. Phishing scams can come in many forms, and their effects can have serious repercussions for you/your business.  

Phishing Training 

As your first line of defense, employees should stay updated with the latest phishing training. The good news is, there are great hassle-free phishing training lessons and resources available online.  

Catch of the Day  

Let’s look at the stats! Did you know that more than 90% of successful hacks/data breaches start with a phishing scam? Phishing attacks happen, a lot. It’s time to stop thinking that your business isn’t a target and get educated. Listed below are ten forms of phishing scams that everyone should be aware of. 

10 Phishing Scams Your Employees Should Know About   

Spear Phishing

Spear phishing, not to be confused with spearfishing is considered a hyper-targeted phishing attack. Hacking pros will map out certain individuals or organizations to get the highest value on their efforts. Initial research is done before deploying this attack to make it seem more personal and believable.  


The most common method to send phishing scams is via email.  Because of this, having a basic email phishing training course for your employees is a must. It’s been reported that 3.4 billion malicious emails are sent every day, so one of them is bound to show up in your inbox. 

Session Hijacking  

Session hijacking is the process of illegally accessing a web server to take over someone’s web session and potentially steal their valuable information. Simple phishing techniques are typically used for the hacker to get their foot in the door. 

Vishing (Voice Phishing)

We have all experienced spam calls at some time or another. Vishing is a phone call from a fake caller ID that attempts to trick recipients to give them sensitive information. The caller may be posing as your bank, car dealer, insurance carrier, etc. Proper phishing training can help point out the warning signs of what to look out for during one of these calls. As a golden rule, if there is a sense of urgency or the call seems random, it’s likely a vishing scam. 

Smishing (SMS Phishing)

A smishing scam is sent through SMS texting. This text will normally contain a link the sender is asking you to click on. The link will generally go to a phishing website or ask you to grant them access to one of your accounts by logging into a portal. 


Malware is a type of virus that takes havoc on a user’s computer. Phishing scams with malware are usually sent through email via a link or a downloadable file. Once you have clicked on the link or downloaded the file, the malware will activate.   


It’s in the name. Ransomware is a type of virus delivered that will not give back the control of your device until the hacker’s stated ‘ransom’ has been paid. In all other ways, this virus behaves like a malware attack. 

Domain Spoofing

This is a popular phishing scam that takes place over workplace email, hence a valuable thing to teach employees during phishing training. Domain spoofing will use fake email addresses that appear to be coming from your boss, co-worker, etc. Never click or download anything if you are suspicious of domain spoofing. The best thing you can do to stay safe is to verify the email sender through another form of communication. 

Social Engineering

Social engineering is the use of psychological manipulation to trick a user into making security mistakes or providing a cybercriminal with sensitive information. 

Evil Twin Wi-Fi

Beware of the public Wi-Fi. Hackers can easily pose as a common network such as ‘Xfinity Wi-Fi’ and gain access to your information once you connect your device. 


Don’t Get Caught

It’s better to be safe than sorry. Phishing training is a simple solution to keeping your business’s data protected. Don’t know where to start? EMPIST’s free baseline phishing test is a great way to gauge the existing threat of a cyberattack against your business. 

For more IT news, blogs and industry insights throughout the week, follow us on Facebook, TwitterLinkedInand Instagram.