Are Your Employees Phishing Bait?



Did you know that Business Email Compromise (BEC) is the number one way businesses are hacked every year? Last year BEC losses hit $12.5 billion (Egan, 2018), affecting both large and small businesses in every industry and every market with a single click of a button. It’s unfortunate, but as a business owner, one of your main cybersecurity risks is the people receiving a paycheck every two weeks.

Your employees are your most essential asset (and thus also your biggest risk) when it comes to defending against phishing emails. Hackers are not only phishing the business owner; they are targeting the employees too. Phishing is one of the most common strategies hackers and scammers use to steal consumer credentials. They mimic emails and websites to trick consumers into clicking on malware-infected links every day.

Hackers who use phishing tactics can impersonate well-known brands, colleagues, or even government websites. Cybercriminals essentially use this form of hacking to trick everyday individuals into giving up their private information. The private information hackers target includes usernames, passwords, banking details, etc.

Here are some simple tips to save you from being phishing bait. 

Check the email address 

First, look at the sender’s email address, especially if they are asking you to open an attachment within the email. Usually, the cybercriminal will use a public email address. Often, when hackers are impersonating someone, they will keep the email address as close to the original as possible. Make sure to check the authenticity of the email by paying close attention to spelling and to added letters or symbols. Usually, the email address will be off by a letter or number. When looking at an email from a company, bank or colleague, look for the company name in the email address.
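The same check can be automated at a mail gateway or in a reporting tool. The sketch below is an added example, not something from Groff NetWorks: the trusted domains, the public-provider list and the function names are all assumptions made for illustration. It flags sender domains that are off by a letter or number from a trusted one, or that come from a public webmail provider.

```python
from email.utils import parseaddr

# Assumed allow-list: domains this organisation really corresponds with (constructed).
TRUSTED_DOMAINS = ("examplebank.com", "example-corp.com")
# Public webmail providers a bank or vendor would not normally send from (constructed).
PUBLIC_PROVIDERS = {"gmail.com", "outlook.com", "yahoo.com"}
# Digits commonly swapped in for look-alike letters: 0->o, 1->l, 3->e, 5->s.
HOMOGLYPHS = str.maketrans("0135", "oles")

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Classify the domain in a From: header against the trusted list."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "invalid"
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    normalized = domain.translate(HOMOGLYPHS)
    for trusted in TRUSTED_DOMAINS:
        # Off by a swapped digit, or by one or two added/changed characters.
        # A threshold of 2 suits long domains; very short ones need a tighter limit.
        if normalized == trusted.translate(HOMOGLYPHS) or edit_distance(domain, trusted) <= 2:
            return f"lookalike of {trusted}"
    if domain in PUBLIC_PROVIDERS:
        return "public provider"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        "Example Bank <alerts@examplebank.com>",
        "Example Bank <alerts@examp1ebank.com>",
        "Example Bank <examplebank.support@gmail.com>",
    ):
        print(f"{header!r:55} -> {check_sender(header)}")
```

A "lookalike" or "public provider" verdict is a reason to hold the message for a closer look, not proof on its own that it is phishing.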

Watch out for unusual attachments  

If you receive an email from a stranger that essentially tells you to open the attached document, do not open it! Wait until you’ve checked the authenticity of the email by following the step above. When a stranger asks you to download a document, it usually means that there is malware attached to it. When malware is attached to a document, it can harm your computer and steal all your personal credentials.

Anxiety emails 

The reason I call them “anxiety emails” is that they create a sudden sense of urgency when you receive them. These types of phishing emails usually ask victims to verify personal information such as bank details, or they announce a password change, an account expiration, or suspicious activity on a personal account. These can be major warning signs that you are being targeted by a phishing attempt. When in doubt, contact the provider or company the warning email claims to come from.

Misspelled URL Links  

In a phishing email, hackers may ask you to click on a link that directs you to their fake website. Before clicking on the link, hover your mouse over it to see the website’s true URL. Usually, you can spot a misspelled word or other grammatical errors. These URLs can be different from what you were originally expecting the website to be. So always double-check before you double-click.

As you get better at detecting phishing emails, you will start to notice how poorly written they are. Most phishing emails contain a lot of grammatical and spelling errors.

Groff NetWorks 

As tricky as cybercriminals are, we here at Groff NetWorks see them every day. We implement phishing training for our employees and clients, along with our phish-testing services. We designed our phishing test for “the clickers” that are potentially in your company. We consider ourselves to be Caring, Responsive, Friendly and Honest: that is our recipe for helping our users (your employees) not take the bait.




Egan, Gretel. “$12.5 Billion Lost in BEC Attacks, FBI Reports.” Security Awareness Training Software, 25 July 2018,