Phishing is the most common form of cybercrime and one of the biggest threats to organizations and individuals today. Phishing scams are fraudulent emails designed to trick individuals to divulge sensitive information or gain access to your company network via malicious links or attachments.

In the past few years, there have been numerous highly damaging data breaches which have impacted many of America's largest companies and their customers. In each one of these cases, millions of sensitive files, including credit card numbers, passwords and other confidential information, were compromised simply by someone clicking on a phishing link.

Phishing emails can come in many forms, whether it be impersonating someone you know, an urgent request from your bank, or a fake audit notification from the IRS during tax season. We know these phishing messages can be tricky to avoid, but we have some tips to help you spot phishing.

• Trust your instincts
  Phishing emails look and feel like the real deal – some are branded, well-written and look and feel right to the non-discerning eye. But if it feels a bit “off,” or doesn’t seem quite right, then follow your instincts and find a safe way to verify the email.

• Scrutinize senders
  Check for slight variations in spelling or format in the domain name that you may miss at first glance. If you are unsure or don’t know the sender, verify by reaching out through an alternate method (not by hitting reply).

• Hover over, don't click URLs and avoid attachments
  If you don’t know the sender, don’t click on the link. PC users can also hover their cursor over the link to get the real URL and verify the sender. The same goes for attachments – if you’re not sure, don’t open it.

• Don’t share personal info and bypass urgent requests
  Be especially wary if you’re asked to provide any personal information, like your social security number or password, in an email. Most companies will not send you an email asking for such sensitive information. Also be wary if it’s a request demanding urgent action or consequences for not acting – for example, an email warning that your account will be deactivated or a request for immediate payment.

• Keep work and personal activity separate
  Use your company email exclusively for work-related activities and use only company-issued devices when conducting work. And avoid sharing your email to social media sites or using your company email for online shopping.

• Always verify via phone
  If you receive an email from someone you know who is asking for sensitive or confidential information, call them on the phone and verify the authenticity of the email by confirming they are in fact the one who sent it.

For more information about phishing, please visit the Federal Trade Commission (FTC) and search for phishing.

Whether it’s costly malware, ransomware, bots, or a phishing attempt, small businesses need to implement cybersecurity measures that include anti-virus programs, firewalls, and network security solutions that proactively help protect all devices connected to your network. See how Comcast Business SecurityEdge™ can help protect the Internet-connected devices that employees and guests use every day.