How to Limit Your Exposure to Email Phishing Scams

Phishing scams are ever-present in business today. Whether it’s emails, phone calls, direct messages, or web infiltration, scammers are finding new ways every day to take advantage. With the increase in financial scams via email, it’s important to understand how to limit your exposure to this risk. The most important thing you can do is educate and train your staff, and show them examples of phishing emails and what to look for.


Here are some specific steps to minimize your exposure to phishing:

Remind Your Team Regularly!

It can be easy to get complacent, but if you are regularly reminding your team (and yourself) of the horror stories that have happened, it helps to keep phishing top of mind and to be diligent.

Check Email Addresses of Senders.

One of the most common signs that an email is a phishing email is the email address. The display name may be the name of someone you would expect to see an email from, but if you look at the actual email address, it is a random mix of letters that doesn’t make sense, or it’s a Gmail or Yahoo account that you don’t typically see from that person. This isn’t foolproof. Sometimes phishing can be sophisticated enough to send from the person’s actual email address, but it’s definitely something to check.
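The sender check described above can also be automated as a first-pass filter. The following is an added example, not part of the original article: the contact directory, the sample headers, and the "random-looking" threshold are all constructed assumptions.

```python
from email.utils import parseaddr

# Constructed directory: display name -> address that person normally uses.
KNOWN_CONTACTS = {
    "dana reyes": "dana.reyes@example.com",
    "lee wong": "lee.wong@example.org",
}
FREEMAIL = {"gmail.com", "yahoo.com"}  # the two providers the article names


def looks_random(local_part):
    """Rough heuristic (assumed threshold): long local part, almost no vowels."""
    letters = [c for c in local_part.lower() if c.isalpha()]
    if len(local_part) < 8 or not letters:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.2


def check_sender(from_header, contacts=KNOWN_CONTACTS):
    """Return a list of warning strings for one From: header value."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    local, _, domain = addr.rpartition("@")
    warnings = []
    expected = contacts.get(name.strip().lower())
    if expected and addr != expected:
        warnings.append(f"display name matches a known contact, expected {expected}")
        if domain in FREEMAIL and expected.split("@")[1] not in FREEMAIL:
            warnings.append(f"unexpected freemail domain {domain}")
    if looks_random(local):
        warnings.append("local part looks like a random mix of letters")
    return warnings


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Dana Reyes" <dana.reyes@example.com>',
    '"Dana Reyes" <dana.reyes.office@gmail.com>',
    '"Lee Wong" <xk7qzt9wplrb@mail.example.net>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        result = check_sender(header)
        print(header, "->", result or "no warnings")
```

An empty result only means the address matched what was expected; a message sent from a compromised real account will still pass this check.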

Be Wary.

If the person you’re receiving the request from wouldn’t typically speak to you the way they are in the email, dig further. If you aren’t expecting a document to sign from someone, ask before opening. If you wouldn’t typically get a request to purchase 12 gift cards for $100 each, follow up. Scammers are good, but there are typically signs if you look for them.

Think Before You Click.

Word documents, PDFs, and other standard documents can hold viruses. Before you click to open any attachment from an email, think twice. Are you expecting the email? Do you typically get such emails from that person?

If All Else Fails, ASK!

I have received plenty of emails where I followed up with the sender to ensure I should open them. More often than not, this is the first notification that they were hacked. It’s much better to ask and get confirmation than to not ask and have a mess to clean up.


Always Verbally Verify Any Financial Transaction Prior to Initiating.

If you get an email request to wire funds to a new vendor, call the requestor and confirm the information over the phone. Double verification is even better. Call to verify and then have them send a separate email with specific confirmation. Or, have two approvers required for any wires or other financial transactions over a certain amount. NEVER initiate a wire, check or ACH payment to any vendor using only an email request.

Beef Up Your IT Security.

Turn on spam filtration for email. Install anti-virus. Perform security scans. Complete quarterly IT audits.

Add a Cyber Policy to Your Insurance.

With the rise of cyber crime comes an increase in cyber policy options. Talk to your insurance broker. Get the right coverage for your business.


Phishing scams are out there. Be diligent. Minimize your risk.

By: Shauna Huntington
