Subscribe

Fraud | September 2024 How to defend against corporate phishing attacks

How to defend against corporate phishing attacks 

Corporate phishing attacks are a type of social engineering fraud (SEF) where malicious actors pose as a trusted person or entity to send fake, emergency-related messages. With phishing attacks on the rise—surging by 58% last year according to a Zscaler report—it’s critical to arm your employees with the knowledge and tools needed to protect your business.Disclosure 1

Key concepts

In this article, you’ll learn how to:

  • How and why corporate phishing happens
  • How employees can stop attacks in their tracks
  • How technology and training can make a difference

Video: Fraud prevention 101: Phishing

Component ID : "accordionGridLayout-1973277518"
Model : "disclaimer"
Position : "left"

Fraud Prevention 101 – Email Fraud

(Visual Description: Fraud Prevention 101: Email Fraud

Truist title and logo in the lower right corner.

Email fraud, avoid falling for this common trick into sharing sensitive information.

Definition reads: Email Fraud - A fraudulent email scheme performed by a dishonest individual, group or company in attempt to obtain money or something else of value.)

Companies experience email fraud when individuals click on a malicious link or provide personal information. 

(Visual Description: An example of a suspicious email from CEO memo <marky.shurtserberg@phase.book.com.ru> is shown on a computer screen. The email contains a button that reads “Meeting” which is clicked. A motion graphic follows to depict that the user’s computer has been compromised. 

The most common email scams appear to come from senior officers at your organization or from existing vendors. 

They can be difficult to differentiate from legitimate emails, especially as fraudsters become more sophisticated. 

Stay vigilant. If you see something suspicious, call the person who sent you the email and verify their request.

(Visual Description: Learn to keep your business safe

Truist logo and Truist Title appear in the center of page. 

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Disclosure:

Truist Bank, Member FDIC. © 2021 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.)

How does corporate phishing happen? 

Cybercriminals exploit fear and doubt, posing as reputable organizations or government agencies to defraud companies, especially in times of crisis. Through email, texts, phone calls, or websites that spoof (imitate) a business you transact with, these counterfeit communications can trick your staff into sharing sensitive information or clicking malicious links.

Good news: Reporting phishing can reduce scams.

75 million phishing emails were blocked by user reporting in 2022.Disclosure 2

Case study: Careful planning helps network hardware supplier thwart a potentially devastating phishing attack.

In 2022, hackers took control of a Cisco employee’s Google account.Disclosure 3 Then they used vishing (voice phishing) to trick a corporate help desk employee into providing access to Cisco’s network.

Thanks to strong security protocols, Cisco’s IT team detected and removed the hackers before damage was done. The company quickly turned the attack into a teachable moment by updating its cybersecurity protocols to further strengthen its defenses.

Best practices and prevention

Like Cisco, your company can put policies in place that empower employees to stop corporate phishing attacks. Here are some proactive best practices to discuss with your teams.

Teach staff to spot sketchy emails.
Train employees at all levels to watch for misspellings in email addresses and domain names, tonal inconsistencies, unusual timing, fraudulent links, and urgent requests for sensitive information. Any of these can be an indicator of corporate phishing.

Update protocols for flagging suspicious messages.
Talk to your tech experts and security team about ways to flag suspicious communications and quickly neutralize threats. This can include teaching employees to report emails, as well as implementing filters to flag emails automatically if they meet certain criteria.

Use tech to bolster your defenses.
Set up strong spam filters on company email networks, mandate digital signatures on documents, and require multifactor authentication when signing in to servers. Educate employees on how to select, protect, and regularly change their passwords to prevent theft.

Report corporate phishing scams.
Alert your whole team when there’s been a phishing attempt or attack. Explain what happened, how to spot something similar, and who to contact if they do. Giving them the heads-up makes it less likely they’ll fall for the same scam.

Talk to Truist.
If you’re ever in doubt about the authenticity of an email from Truist, reach out to your relationship manager to verify it. Our fraud prevention professionals can help identify and halt phishing attempts the instant they appear.

FAQ on corporate phishing

Component ID : "faq-1301646222"
Model : "faq"
Position : "left"

Turn to professionals for protection.

To learn more about cybersecurity threats and the various types of fraud facing your organization, connect with one of Truist’s relationship managers.

Purple PaperSM

The power of partnership

Uncover the value of Truist Business Lifecycle Advisory.

Download the Purple Paper (PDF)
Client Success Stories

Supporting a future-focused advisory firm through accelerated growth

Helping a repair service entrepreneur flip the switch on business transition

Paving the way to growth for an infrastructure innovator

See all Client Stories

Related resources

    {0}

    {0}

    {2}
    {6}
    {7}
    {8}
    {9}
    {12}
    {10}
    {11}

    {3}

    {1}
    {2}
    {6}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}
    {1}
    {2}
    {7}
    {8}
    {9}
    {10}
    {11}
    {14}
    {12}
    {13}

    Stay informed and get connected

    Looking for fresh thinking and new insights to help uncover opportunities for your business needs?

    Connect with a Relationship Manager

    Work with a partner who sees your vision and has the resources to help you achieve it. We’re ready to focus on the specific needs of your company—and where you are in your business lifecycle.

    *This form is for prospects. Truist clients should contact their relationship manager with inquiries related to commercial products and services.

    Contact us

    Helpful links

    Business Insights
    Truist Business Lifecycle Advisory
    Business Resource Center
    Sign up for monthly articles on Business Insights

    Sign up to receive our business insights, thought leadership, and client success stories that can help inspire your next bold business move.

    Please enter a first name
    Please enter a last name
    Please enter a valid email address
    Please enter a company name
    I'm also interested in: Please select a campaign option
    Component ID : "accordionGridLayout-1396148670"
    Model : "disclaimer"
    Position : "left"

    Disclosure 1Zscaler ThreatLabz 2024 Phishing Report,” Zscaler, 2024.

    Disclosure 22023 State of the Phish Report,” Proofpoint, 2023.

    Disclosure 3Cisco averts cyber disaster after successful phishing attack,” ComputerWeekly, August 11, 2022.

    Disclosure 45 Types of Employees Often Targeted By Phishing Attacks,” Entrepreneur, September 7, 2016.

    Disclosures

    Truist Bank, Member FDIC. © 2024 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.

    Equal Housing Lender

    Investment and Insurance Products:

    • Are Not FDIC or any other Government Agency Insured
    • Are Not Bank Guaranteed
    • May Lose Value

    TRUIST is a service mark of Truist Financial Corporation (Truist) and its affiliates.

    Services provided by Truist Financial Corporation (Truist) affiliates: Banking products and services, including loans and deposit accounts, provided by Truist Bank, Member FDIC. Trust and investment management services provided by Truist Bank. Securities, brokerage accounts and /or annuities offered by Truist Investment Services, Inc., an SEC registered broker-dealer, and member FINRA and SIPC, and a licensed insurance agency. Investment advisory services offered by Truist Advisory Services, Inc. and GFO Advisory Services, LLC, SEC registered investment advisers. Some insurance products offered by Truist Investment Services, Inc. Other insurance products offered by McGriff Insurance Services, LLC (McGriff), Kensington Vanguard National Land Services, LLC (Kensington Vanguard) and Crump Life Insurance Services, LLC (Crump). Truist Life Insurance Services (TLIS) is a division of Crump, Arkansas License #100103477. Variable insurance material is for broker-dealer or registered representative use only. Variable products distributed by P.J. Robb Variable (PJRV), LLC, Arkansas License #100110185. Member FINRA.

    McGriff, Kensington Vanguard, Crump, TLIS, and PJRV are not affiliated with Truist Financial Corporation or any of its subsidiaries.

    Truist Securities is a trademark of Truist Financial Corporation. Truist Securities is a trade name for the corporate and investment banking services of Truist and its subsidiaries. All rights reserved. Securities and strategic advisory services are provided by Truist Securities, Inc., member FINRA and SIPC. Lending, financial risk management, and treasury management and payment services are offered by Truist Bank.

    Mortgage products and services are offered through Truist Bank. All Truist mortgage professionals are registered on the Nationwide Mortgage Licensing System & Registry (NMLS), which promotes uniformity and transparency throughout the residential real estate industry. Search the NMLS Registry.

    Comments regarding tax implications are informational only. Truist and its representatives do not provide tax or legal advice. You should consult your individual tax or legal professional before taking any action that may have tax or legal consequences.

    "Truist Advisors" may be officers and/or associated persons of the following affiliates of Truist, Truist Investment Services, Inc., and/or Truist Advisory Services, Inc. Truist Wealth, International Wealth, Center for Family Legacy, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups are trade names used by Truist Bank, Truist Investment Services, Inc., and Truist Advisory Services, Inc.

    Applications, agreements, disclosures, and other servicing communications provided by Truist Bank and its subsidiary businesses will be provided in English. As a result, it will be necessary for customers to speak, read and understand English or to have an appropriate translator assisting them. Truist offers the following resources for consumers that have Limited English Proficiency:

    • Multilingual teammates available at our Multicultural Banking Centers
    • Materials for some products and services are available in Spanish, Korean, Vietnamese, Mandarin, and other languages spoken in the communities we serve.
    • Phone assistance in Spanish at 844-4TRUIST (844-487-8478), option 9. For assistance in other languages please speak to a representative directly.

    New York City residents:

    Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at http://www.nyc.gov/dca.

    • Limited English Proficiency Support
    • New York City residents

    Borrowers with Limited English Proficiency (LEP) needing information can use the following resources:

    Site footer

    Footer Navigation

    Banking products
    About Truist
    Resources
    Support

    © 2024, Truist. All Rights Reserved.