protect your business from phishing attacks

Don’t let your business fall victim to this common scam technique. Always verify emails before providing information or clicking links.

What is phishing?

Phishing is a common technique employed by scammers throughout the world. A phishing attack looks like an email from a business, company, customer, or person you know, but it isn’t. The email will ask you to provide sensitive information, like network passwords or credit card numbers, or to open an attachment or link to a website which can appear to be legitimate. Not sure if an email is legitimate? We can help.

How a phishing attack works

1. You get an email

A phishing attack starts with a simple email. The email could appear to come from your boss, a company or business you work with, or a fellow employee. The email will typically ask you to click a link, respond with your password, or provide credit card information.

2. It looks legitimate

The email will look valid. A phisher can easily download logos and fake email signatures that make the email look more real. You can expect a scammer to use the name of one of your business partners or pretend to be someone you know when you are targeted by a phishing attack.

3. There is an urgent call to action

No matter what piece of sensitive information the email asks for, you can count on there being a sense of urgency. The phisher will typically imply a negative outcome if you don’t act based on the email. This will sometimes manifest itself as a request to do something such as enroll in benefits, view your paycheck, etc. They are looking for you to follow through with clicking the attachment, going to the link, or providing information which you should not disclose. This sense of urgency is designed to prevent you from thinking through the request and asking questions.

4. There is a dangerous attachment, link, or request

If you click on a link in the email you open your business up to the installation of malicious programs on your systems. Links in the email will take you to a page that looks like your bank or other another familiar website. If you provide passwords, scammers can access your business accounts and can compromise any sensitive data stored in your system.

How to protect yourself

1. Check the email address

This is the first step to verifying any email you receive. If an email is asking for information or sending you online through a link, you should make sure you recognize the sender. Scammers can spoof email addresses, but they will also create an email address that appears like a valid one. Look for small irregularities like periods or numbers replacing letters.

2. Watch out for grammar and tone

Scammers often make common grammatical or spelling mistakes when sending emails. If an email claims to be from someone you know, make sure the email sounds like it is written by that person.

3. Reach out

If you aren't sure about the validity of an email, reach out to that person via a known channel of communication. This is the surest way to make sure an email is legitimate and isn't a scammer trying to compromise your business. Do not reply to the email asking if it's legitimate. In most cases, the email is out of character and completely isolated from any other conversations you've had with the sender.

4. Avoid links and attachments

Make sure you trust the sender before clicking on any links or downloading any attachments. You can check a link by hovering over it with your mouse to make sure the link is taking you to a valid webpage.

What to do if you fall for a phishing attack

1. Alert your team

If you think you have received a phishing email or have fallen for one, talk to your team. Phishing attacks typically target multiple people in a company. If you provided credentials for a third-party site, it is important to contact that company and make them aware of what has happened.

2. Change your passwords

It is best practice to frequently change your passwords. You should also use a different password for every account. Using a password manager is a good way to strengthen your passwords and to limit your exposure if one account is compromised. If you believe you were phished changing all passwords is a great way to protect yourself. If you provided a password that is shared with other accounts, change the password for those accounts as well.

3. Notify your customers

If customer data is impacted by the security breach, you should let them know once you understand the extent of the incident. You can find more information on how to do this at the Federal Trade Commission website.

4. File a report

To report a phishing email, you can forward it to the FTC and Anti-Phishing Working Group at spam@uce.gov and reportphishing@apwg.org. You should also let the company that is impersonated know about the phishing scheme.

Practicing good online habits is key to the health and safety of your business and personal web presence. For more information on how to stay safe online, view our security blogs on Flourish with First or visit our free online identity theft protection course.


The information on this page is accurate as of March 2021 and is subject to change. First Financial Bank is not affiliated with any third-parties or third-party websites mentioned above. Any reference to any person, organization, activity, product, and/or service does not constitute or imply an endorsement. By clicking on a third-party link, you acknowledge you are leaving bankatfirst.com. First Financial Bank is not responsible for the content or security of any linked web page. Member FDIC / Equal Housing Lender.

You’re about to leave bankatfirst.com

First Financial Bank is not affiliated with any third-party websites. Any reference to any person, organization, activity, product, and/or services does not constitute or imply an endorsement. First Financial Bank is not responsible for the content or security of any linked web page.