Is it a phishing attempt? Ask these two questions.

If you're not already, it's time to become aware of the risk of phishing attempts within your business. If you think you've figured out all the possible phishing attempts, think again. Hackers are always finding new ways to breach your security, looking for a single weak point to hack your business.

The best solution is to stay vigilant and ask these two key questions when in doubt.

1. Should I be receiving this email? 

Were you expecting the email you just received? Does it make sense at first glance? Sure, you may not always recognize the sender, but if the marketing department is receiving invoices that should be going to bookkeeping, that might be a sign it's a phishing attempt. If architectural plans are going to the billing department, be suspicious. If emails seem out of place, consider it a phishing attack until you're able to confirm otherwise. Call the appropriate parties (don't forward the email!) and verify they intended to send it to you. Better safe than sorry!

2. Do I have an account with the vendor emailing me?

If you don't have an account with a 3rd party vendor, you should not be receiving emails from them. Even if you do have an account, if you receive an email that you did not expect or initiate (e.g. a password reset), consider it a phishing attempt until you're able to verify otherwise. Unless you directly requested contact from the 3rd party vendor, it is best to assume it is a phishing attack. Vendors will rarely send password resets unless you requested the reset or are having trouble accessing your account. Again, a reset email should follow an action on your part. If you are getting an email out of the blue, be suspicious.

In general, avoid clicking links in emails you were not expecting. Worried that password reset email was intended for you? There is an easy way to find out: visit the 3rd party's website directly (not through the link in the email) and attempt to log in with your usual credentials. If you're able to gain access as usual, you will know the email was a phishing scam.

The moral of the story is this: if you receive an unexpected email of any kind, even one you don't think could be a phishing attack, assume it is until you're able to confirm otherwise. Hackers are constantly finding new creative ways to mask phishing attempts so they are successful.

There is no way to definitively know every type of phishing attempt that might land in your inbox (annoying, right?!). The important thing is to pause when you receive an unexpected email, before taking any action the email requests.

Educating your employees on the signals to watch for and the questions to ask can help your business (and them personally) avoid phishing attempts. Stay vigilant and ask questions.


To learn more about how your business can protect itself against phishing attempts and cybersecurity attacks, contact PK Tech. We provide support and services to protect your business.
