It use to be that phishing email messages were easy to spot: they were from an unknown person, full of typos and grammatical errors, and often used broken English. They sometimes included a sob story that was truly not believable.
Not anymore. The hackers are becoming more clever and using actual logos (or very good renditions of them), have better language skills, and are making the messages appear to come from a friend or colleague. These make it very difficult to detect fact from fiction.
But there is hope! Fraud attempts can be identified with training and education, which will lead to less exposure and risk.
A good training program is not difficult to set up. If it’s not reasonable to do it yourself, there are many organizations that provide this service and there is one for every budget. They should include information on identifying phishing, and instruction on what to do if someone accidentally executes malware. Test employees and anyone who connects to your network. Yearly is not enough, quarterly is recommended, and if you can do it more often, do so! Small- to medium-sized companies are becoming targets of choice. Taking some time to implement good security practices can do wonders to lower your risk.
The use of trademarks is not intended to endorse any company, product or service. Trademarks are the property of their registered owners.