How to defend against corporate phishing attacks 

Corporate phishing attacks are a type of social engineering fraud (SEF) where malicious actors pose as a trusted person or entity to send fake, emergency-related messages. With phishing attacks on the rise—surging by 58% last year according to a Zscaler report—it’s critical to arm your employees with the knowledge and tools needed to protect your business.Disclosure 1

Key concepts

In this article, you’ll learn how to:

  • How and why corporate phishing happens
  • How employees can stop attacks in their tracks
  • How technology and training can make a difference

Video: Fraud prevention 101: Phishing

Component ID : "accordionGridLayout-1973277518"
Model : "disclaimer"
Position : "left"

Fraud Prevention 101 – Email Fraud

(Visual Description: Fraud Prevention 101: Email Fraud

Truist title and logo in the lower right corner.

Email fraud, avoid falling for this common trick into sharing sensitive information.

Definition reads: Email Fraud - A fraudulent email scheme performed by a dishonest individual, group or company in attempt to obtain money or something else of value.)

Companies experience email fraud when individuals click on a malicious link or provide personal information. 

(Visual Description: An example of a suspicious email from CEO memo <marky.shurtserberg@phase.book.com.ru> is shown on a computer screen. The email contains a button that reads “Meeting” which is clicked. A motion graphic follows to depict that the user’s computer has been compromised. 

The most common email scams appear to come from senior officers at your organization or from existing vendors. 

They can be difficult to differentiate from legitimate emails, especially as fraudsters become more sophisticated. 

Stay vigilant. If you see something suspicious, call the person who sent you the email and verify their request.

(Visual Description: Learn to keep your business safe

Truist logo and Truist Title appear in the center of page. 

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Disclosure:

Truist Bank, Member FDIC. © 2021 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.)

How does corporate phishing happen? 

Cybercriminals exploit fear and doubt, posing as reputable organizations or government agencies to defraud companies, especially in times of crisis. Through email, texts, phone calls, or websites that spoof (imitate) a business you transact with, these counterfeit communications can trick your staff into sharing sensitive information or clicking malicious links.

Good news: Reporting phishing can reduce scams.

75 million phishing emails were blocked by user reporting in 2022.Disclosure 2

Case study: Careful planning helps network hardware supplier thwart a potentially devastating phishing attack.

In 2022, hackers took control of a Cisco employee’s Google account.Disclosure 3 Then they used vishing (voice phishing) to trick a corporate help desk employee into providing access to Cisco’s network.

Thanks to strong security protocols, Cisco’s IT team detected and removed the hackers before damage was done. The company quickly turned the attack into a teachable moment by updating its cybersecurity protocols to further strengthen its defenses.

Best practices and prevention

Like Cisco, your company can put policies in place that empower employees to stop corporate phishing attacks. Here are some proactive best practices to discuss with your teams.

Teach staff to spot sketchy emails.
Train employees at all levels to watch for misspellings in email addresses and domain names, tonal inconsistencies, unusual timing, fraudulent links, and urgent requests for sensitive information. Any of these can be an indicator of corporate phishing.

Update protocols for flagging suspicious messages.
Talk to your tech experts and security team about ways to flag suspicious communications and quickly neutralize threats. This can include teaching employees to report emails, as well as implementing filters to flag emails automatically if they meet certain criteria.

Use tech to bolster your defenses.
Set up strong spam filters on company email networks, mandate digital signatures on documents, and require multifactor authentication when signing in to servers. Educate employees on how to select, protect, and regularly change their passwords to prevent theft.

Report corporate phishing scams.
Alert your whole team when there’s been a phishing attempt or attack. Explain what happened, how to spot something similar, and who to contact if they do. Giving them the heads-up makes it less likely they’ll fall for the same scam.

Talk to Truist.
If you’re ever in doubt about the authenticity of an email from Truist, reach out to your relationship manager to verify it. Our fraud prevention professionals can help identify and halt phishing attempts the instant they appear.

FAQ on corporate phishing

Component ID : "faq-1301646222"
Model : "faq"
Position : "left"

Turn to professionals for protection.

To learn more about cybersecurity threats and the various types of fraud facing your organization, connect with one of Truist’s relationship managers.

Purple PaperSM

Digital Transformation

Learn how you can put advanced technology to work for your business.

Related resources

    {0}
    {6}
    {7}
    {8}
    {9}
    {12}
    {10}
    {11}

    {3}

    {1}
    {2}
    {7}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}

    Stay informed and get connected

    Looking for fresh thinking and new insights to help uncover opportunities for your business needs?

    Connect with a Relationship Manager

    Work with a partner who sees your vision and has the resources to help you achieve it. We’re ready to focus on the specific needs of your company—and where you are in your business lifecycle.

    *This form is for prospects. Truist clients should contact their relationship manager with inquiries related to commercial products and services.

    Helpful links



    Sign up for monthly articles on Business Insights

    Sign up to receive our business insights, thought leadership, and client success stories that can help inspire your next bold business move.

    Please enter a first name
    Please enter a last name
    Please enter a valid email address
    Please enter a company name
    I'm also interested in: Please select a campaign option