This is the first of several key action steps to protect yourself and your business from cyber attacks as we go through Cybersecurity Awareness Month.

Key Action Step #1:  Think Before You Click

Known as “phishing attacks”, clicking deceptive, fake, or malicious links is the most common type of cyber attack, accounting for over 80% of reported cybersecurity incidents.

Over 90% of successful cyber attacks against businesses originate from phishing.

Phishing attempts use email, text, websites, and even private messaging apps like WhatsApp to obtain pieces of personal information or gain access to sensitive systems.

While some of these attempts are obvious, others have become more sophisticated. For example, this year has seen an increase in text message phishing attempts. Someone will send you a text as if they know you, pretend to have texted the wrong number, and then try to strike up a conversation to build trust and get your information.

Most people don’t know that once cyber criminals have information they can use to exploit systems… they wait. They embed malicious programs into systems that will deeply embed over 3-4 months without any sign of trouble. Then they activate the threat with often crippling results.

Here are some best practices for avoiding phishing attacks.


If you receive an email claiming to be from a trustworthy source, verify that the FROM address matches that of the individual or company they claim to represent.  For example, an email from PayPal should have “” in the FROM address.


Cyber criminals will sometimes display the text of what appears to be a legitimate link but then actually link it to a malicious location. Hover over the link to see where it’s actually going before you click it.


It’s common to see slightly misspelled domain names used in phishing attempts.  For example, you may receive an email that appears to be from Microsoft, but then discover the sender domain is actually “”.


If you’ve ever been “Rickrolled” (a harmless prank involving a popular Rick Astley song), this one already makes sense. In short, don’t trust random, unknown links.


If there’s even the slightest doubt in your mind, don’t click or send any information. It’s not worth it. Find an alternate contact channel for the supposed sender (e.g. official website, support number) and let them know what you received. Any legitimate source won’t be frustrated that you took precautionary steps to protect yourself.

These are a great starting point for avoiding phishing attempts. And of course, we help businesses implement full-scale personnel security practices in addition to technical cybersecurity measures.