By Andrea Stevens
AFRO Staff Writer
astevens@afro.com

Phishing emails continue to be one of the most common cyber threats, targeting businesses and individuals with deceptive messages designed to steal sensitive information. These fraudulent emails often appear legitimate, impersonating trusted organizations or colleagues to trick recipients into clicking malicious links, downloading harmful attachments or providing confidential data.

Timothy Smoot is an executive vice president and chief financial officer at Meridian Management Group Inc. Credit: Courtesy Photo/ Timothy Smoot

Executive vice president and chief financial officer Timothy Smoot at Meridian Management Group, Inc., enjoys giving insight on how to avoid these scamsโ€“ after all, heโ€™s seen how phishing scams work up close and personal.ย 

โ€œOne time, a scammer pretended to be my business partner, Stanley, but referred to me as โ€˜Timothy.โ€™ In 40 years, Stanley has never called me โ€˜Timothy,โ€™โ€ said Smoot. โ€œThat was an immediate red flag.โ€ย 

For businesses, phishing attacks can result in financial losses, data breaches and reputational damage. Cybercriminals use phishing schemes to gain access to corporate networks, exposing sensitive customer information, employee credentials and financial records. A single successful phishing attack can lead to ransomware infections, operational disruptions and costly legal consequences.

โ€œFrom time to time, I get emails with invoices from someone I have no clue who they are,โ€ Smoot said. โ€œIf youโ€™re unfamiliar with the sender, the vendor or the transactionโ€“ thatโ€™s a sign it could be phishing.โ€

Individuals are also at risk, as phishing emails are often disguised as urgent requests from banks, government agencies or tech support services. Clicking on a phishing link may install malware that tracks each keystroke made on a computerโ€™s keyboard. This helps scammers steal login credentials and can compromise personal financial accounts.

Experts recommend several precautions to mitigate the risk of phishing attacks.ย 

Employees should undergo cybersecurity training to recognize suspicious emails, avoid clicking on unexpected links and verify the legitimacy of messages before taking action. Multi-factor authentication adds an extra layer of security, reducing the likelihood of unauthorized access even if credentials are compromised.

โ€œEncrypted messaging is a great security tool, but you need to be cautious about stored credentials,โ€ Smoot said. โ€œI never allow my portal to save my username or passwordโ€”itโ€™s just not safe.โ€

Businesses can also implement email filtering systems to detect and block phishing attempts before they reach inboxes. Regular software updates and strong password policies further enhance protection against cyber threats.

According to the Federal Trade Commission (FTC), โ€œIf you paid or sent money to someone you think is a scammer, you might not get it back, but itโ€™s always worth asking the company you used to send the money if thereโ€™s a way to get it back.โ€ย 

The agency also advises those who have already given a scammer a username and password to log into the account right away and create a new password.ย 

โ€œIf you use the same password anywhere else, change it there, too,โ€ suggests FTC experts.

Whether safeguarding business or personal information, individuals must remain vigilant, report phishing attempts and follow best practices to protect themselves. By staying informed and proactive, they can reduce the risks associated with phishing emails and defend against cyberattacks.