
Startup support: How to prevent a phishing attack



There are many ways that cybercriminals try to gain access to personal and private data in the modern world, whether it be through Internet banking loopholes or password hacking. However, one trick that has stood the test of time is phishing – something that online criminals have been executing since the internet was created in the 1980s.

Phishing is where a hacker sends emails or other message types (texts, instant messages, etc.) while masquerading as a legitimate company. For example, a hacker might set up an email account designed to look like PayPal and send an email to targets asking them to change their payment information.

The hope, for the attacker, is that the target will click on the link and enter in new payment information. From there, the attacker can steal this information and use the banking information to effectively scam the victim out of all of their money. While this is an extreme example of phishing, it’s possible and all businesses need to be set up to combat it.

How to prevent a phishing attack as a business

Configure staff accounts

If you are a startup with several employees then you should only give basic IT privileges to your staff to reduce the damage if a phishing attack is successful. If one of these low-privilege accounts is compromised then the damage won’t be as significant if the hacker can only do limited things once they have gained control of the login.

Only assign yourself as an administrator and only allow the administrator to perform certain tasks, such as viewing payment information and key business documents. This way, the only way a phishing attack will be dangerous is if you are personally attacked rather than any of your employees.

Set up two-factor authentication on all accounts

Gone are the days when a password is enough protection for your personal/private accounts. Due to the prevalence of phishing attacks, you need to set up two-factor authentication on all of your accounts to make life doubly difficult for attackers.

With two-factor authentication, you are prompted to do something else after you’ve successfully entered a password. This could be either to check your email for a code or to open an authentication app on your phone. This means that if a phisher obtains key passwords, they still won’t be able to gain access to your accounts, as you will have the power to block them via the second layer of security.

Check for obvious signs of phishing

If you receive a text or an email from a business that is asking you to do something (e.g. reset a password or change payment information), investigate the message before doing anything. There are many giveaway signs of a phishing attack which are useful to know for preventative purposes. Here are five signs to look out for:

  • Poor spelling and grammar.
  • Is the message addressed to you by name, or does it refer to you as a ‘valued customer’ or ‘sir/madam’?
  • Does the message urge you to act rapidly or urgently?
  • Does it sound too good to be true? Sometimes, phishers will try to tell victims they can claim a prize.
  • If via email, does the email address look legit?
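
The signs above can also be checked automatically on incoming mail. The following is an added example, not code from the original article: a small Python triage function that flags four of the five signs in a single-part plain-text message (spelling and grammar are left to the reader). The brand-to-domain table, the phrase patterns, the extra Reply-To comparison and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands your business deals with, mapped to their real sending domains.
KNOWN_BRANDS = {"paypal": {"paypal.com"}}
GENERIC_GREETING = re.compile(r"\b(dear\s+)?(valued customer|sir\s*/\s*madam)\b", re.I)
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|within \d+ hours?|act now)\b", re.I)
PRIZE = re.compile(r"\b(you have won|claim your prize|winner)\b", re.I)


def phishing_signs(raw_message: str) -> list[str]:
    """Return the names of the signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    signs = []
    # Sender claims a brand in the display name but mails from another domain.
    for brand, domains in KNOWN_BRANDS.items():
        if brand in display.lower() and not any(
            domain == d or domain.endswith("." + d) for d in domains
        ):
            signs.append("sender_domain_mismatch")
    # Replies would go to a different domain than the visible sender.
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != domain:
        signs.append("reply_to_mismatch")
    if GENERIC_GREETING.search(text):
        signs.append("generic_greeting")
    if URGENCY.search(text):
        signs.append("urgency")
    if PRIZE.search(text):
        signs.append("too_good_to_be_true")
    return signs


# Constructed sample message, not a real email.
SAMPLE = """\
From: "PayPal Support" <service@paypa1-billing.example>
Reply-To: collect@mailbox.example
Subject: Urgent: update your payment information

Dear valued customer,
Your account will be limited within 24 hours unless you act now.
"""

if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

A message that triggers any of these signs should be reported and checked with the supposed sender through a separate channel rather than acted on.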

Create an open working environment

By creating an open and friendly working environment, you will encourage your staff to ask if they are ever unsure about anything, particularly if they receive an email that they suspect might not be as it seems. The last thing you want is for your staff to feel like they are bothering you if they have to raise things with you as this can lead to them falling for phishing bait.

Additionally, don’t punish staff if they do fall victim to an attack. It will only discourage other members of staff from reporting in the future and make your staff so fearful about every email they receive that no work will end up getting done.

Assess your digital footprint

The best phishers will design bespoke attacks for your business. This means they will search the internet to find public information about your business, most likely from your website and social media accounts. Therefore, assess what information about your business is publicly available and remove anything that could be used as a weapon against you in a phishing attack.

Andy is a Professional Content Editor with expertise in a whole host of areas (or so he tells us anyway). His main interests are Startups, innovation and social media. He has reviewed over 100 startups so far for

Copyright © 2023 STARTUP INFO