The sending and receiving of malicious emails, phishing, is a cyber-threat that all businesses should be on the lookout for. But, unfortunately, what most professionals know to be true about phishing attacks, isn’t always the most accurate information out there.

Here are four things that might happen within a phishing attack that most people don’t realize to be true.

Internal processes might be known.

When it comes to phishing, the attack can play out in a variety of ways, and if you’re lucky, it won’t involve your internal processes. When this happens, it’s very difficult to determine the legitimacy of an email (if that thought even crosses your mind to being with). As soon as content references your specific processes and policies, it’s hard to say that the email is fake.

Because of this, it’s important to remember that even if an email mentions your company’s internal procedures, there’s still a chance the email might be malicious. You must take additional steps to determine the legitimacy of the content, especially if it asks you for any sensitive data.

Sometimes in phishing, a coworker might be used.

Hackers and cybercriminals do their homework. They’ll research your company and get familiar with your processes, as well as your coworkers. In other words, they’ll figure out who works for your company, what position they have, and where they rank on the totem pole. Then, they’ll use this information and bounce it off your internal processes – which is where things really start to get scary.

To avoid being duped by someone pretending to be your coworker, you need to slow down and read over everything carefully. This means you need to make sure the request makes sense to the person – Would this person normally ask you to do something of this nature?

If the answer to this question is ‘yes,’ then next, you should make sure the address the email originates from is accurate. There isn’t much difference between and But again, to catch this difference, you’ll need to read things over carefully.

Grammatically, the email might be perfect.

Online users have always been told that phishing emails are going to be grammatically incorrect. It’ll read like it came from another country, and it’ll be littered with misspellings and forgotten commas. However, this isn’t always the case. In fact, this is far from the case.

More oft than not, a phishing email will look rather perfect. It won’t have grammatical errors, and it’ll appear completely normal. In other words, don’t bank your whole process of verifying emails based off grammar. It won’t work.

You won’t always be asked to download something.

Phishing attacks aren’t always about corrupt links and malicious downloads. Sometimes, they’ll just ask for something, like financial data, personal records, or login credentials. Or they might even ask you to do something – send over a document, adjust client records, or change company data.

Again, you need to slow down at this point and analyze what it is you’re being asked to do. Don’t rush into an action just because you can. Verify the request and the sender before you ever do anything.


Concerned about Phishing for your company?  Give TLC Tech a call.