Phishing protection (for real life)
Most phishing isn’t “obvious Nigerian prince” emails anymore. It’s invoices, DocuSign look-alikes, HR messages, or a “CEO” asking for gift cards. Here are simple patterns employees can watch for—and the IT controls that reduce risk.
Rule #1: If the message creates urgency + money + secrecy, treat it as suspicious.
Top patterns to teach employees
- Urgent payment request: “wire today,” “new bank details,” “payment needed now.”
- Impersonation: the sender name looks right, but the email address is slightly off.
- Link mismatch: hover over links and check whether the domain matches the real site.
- Attachment pressure: “open this invoice,” “review payroll changes.”
- MFA fatigue: unexpected push notifications asking to approve.
Business controls that reduce phishing damage
- Enforce MFA everywhere (especially email + admin portals).
- Enable impersonation protection and safe links (license dependent).
- Block legacy authentication and risky sign-ins.
- Use least privilege (users should not be local admins by default).
- Backups + restore testing for ransomware recovery.
A simple “verify” process (fast, not annoying)
For payments or bank detail changes: verify via a known phone number (not the email thread). For login alerts: don’t approve MFA pushes you didn’t initiate. Report them immediately.