Hackers are using any opportunity they can to exploit their victims’ personal information for their own financial gain. The “work from anywhere” trend exposes everyone to cyber-attacks, particularly phishing, a common tactic aimed at acquiring sensitive data. Falling for these scams can harm your company’s network by transmitting malware and viruses. As phishing schemes become more sophisticated, early detection becomes crucial. Prepare your team to identify and stop such threats to safeguard your organization.

Mass Campaigns:

In these phishing attempts, emails imitating well-known companies are sent to lists of recipients requesting their login credentials or credit card information. These attacks often employ email spoofing to make it seem like the messages are from a legitimate source.

What to look for:

  • Does it look like a legitimate request? Check whether the sender’s email address and domain are correct, and whether there are misspellings scattered throughout the text.
  • Review the message for any logos that appear unusual or fake.
  • Exercise caution with emails that primarily consist of an image and contain very little text.

Spear Phishing:

This form of phishing involves personalized and targeted email attacks directed at specific individuals or organizations.

What to look for:

  • Exercise caution when receiving internal requests from individuals in other departments, especially if they seem unusual for their job function.
  • Be cautious of links leading to documents stored on shared drives such as Google Suite, O365, and Dropbox, as they may redirect to fake and malicious websites.
  • Treat any documents prompting for a user login ID and password with suspicion, as they could be an attempt to steal credentials.
  • Avoid clicking on links from sources claiming to be familiar websites. Instead, manually enter the website’s address in your browser to ensure you’re accessing the legitimate site and not falling for a phishing scam.

Whaling:

Whaling denotes targeted spear-phishing attacks aimed specifically at high-ranking executives and other prominent individuals to gain unauthorized access to company platforms or sensitive financial information.

  • Approach requests from senior leadership members with caution if there has been no previous contact.
  • Verify that any seemingly legitimate request is sent to a work email rather than a personal one.
  • Be cautious of urgent requests, as they may incur costs if they turn out to be fake. Consider reaching out separately through email, text, or a phone call to verify the request before taking action.

Clone Phishing:

In this type of attack, the perpetrator duplicates a genuine email sent by a trustworthy organization but substitutes a link that leads to a deceitful or malicious website.

  • Exercise caution with unexpected emails from service providers, even those you frequently communicate with.
  • Be cautious of emails requesting personal information that the service provider has not previously asked for. If you are certain the request is genuine, it is safer to manually enter the data directly on the website using your browser.

Pretexting:

This tactic involves an attacker using a non-email channel, such as voicemail, to set the expectation that something authentic will arrive in the near future. The attacker then sends an email with malicious links or content instead.

Can I Do More?

Educating your employees about phishing and other cyber security risks is important. One of the many benefits of being a client with a Premier IT Support Plan from Onward is the availability of free Cyber Security Training for your employees. Onward also offers its managed support clients the option to subscribe to services that offer enhanced protection against Phishing and other cyber threats. Contact us today to learn more!