How can I protect my firm from email phishing?

Tips to avoid falling victim to email phishing.

Don't let email phishing scare you too much, as these emails are easier to spot than it seems. Make sure your employees are educated and up to date on how to respond to an email phishing attack. Share the list of tips below with your firm:

  • Don’t trust the sender display name: A common phishing tactic is to spoof the display name of the sender. When in doubt, check the email address in the header. If the sender email address does not match the display name, don’t open the email.
  • The email address is valid but looks suspicious: If you are skeptical of the content in the email, trust your instinct and use caution. It is possible a client or third-party vendor’s email account has been compromised. If the email is coming from a bank or other financial institution, try calling and verifying the information.
  • Don't click on links contained within an email: If the email contains any embedded links, hover your mouse over the link and review the website address. If the link does not match the sender's URL, do not open it. If you'd like to view the embedded link, simply open a new browser tab and manually search for the link in your browser.
  • Check for grammatical and spelling errors: Often, a phishing email will contain a grammatical or spelling error. Be sure to carefully review the content of unsolicited or unexpected emails.
  • Don't download any attachments: Oftentimes, attached documents in phishing emails contain viruses or act as a way to deliver ransomware. Don’t ever open any email attachments you weren’t expecting. If you are expecting an attachment via email from a client or vendor but have doubts about the email, always call the client or vendor at a previously known valid phone number to confirm they actually sent an email with the attachment in question.
  • Don't fall for urgent and action item subject lines: Another common phishing tactic is urgent subject lines requiring you to take an immediate action. For example, "Action Immediately Required" or "Urgent: Password Needs to be Updated!"
  • No personal information should be sent via email: If you receive an email requesting you enter your personal credentials via email, don't. Always open a new browser tab and log in directly on the site.

Most importantly, if a mistake is made with such a suspicious email, ensure that staff are trained and comfortable immediately reporting the incident in order to contain and mitigate the potential damage. Knowledge remains the best disinfectant for a phishing attack. 

Learn more about How to Protect your RIA Firm from Email Phishing Attacks here.


Our MyRIACompliance® cybersecurity platform empowers an RIA firm to efficiently construct, implement, and document a robust cybersecurity compliance program with a single solution. The platform is designed exclusively for RIA firms of all sizes who face unique people, technology, and third-party vendor cybersecurity risks and regulatory requirements. The platform also includes special coronavirus-themed email phishing templates to better test and train RIA staff members while working remotely.

 
