How to defend against corporate phishing attacks 

Corporate phishing attacks are a type of social engineering fraud (SEF) where malicious actors pose as a trusted person or entity to send fake, emergency-related messages. Impersonation—whether by email, phone, or in person—is the foundation of successful phishing attacks. The 2025 AFP Payments Fraud and Control Survey Report found 60% of respondents reported incidents of vendor impersonations by scammers. It’s critical to arm your employees with the knowledge and tools needed to protect your business.

Key concepts

In this article, you’ll learn:

  • How and why corporate phishing happens
  • How employees can stop attacks in their tracks
  • How technology and training can make a difference

Video: Fraud prevention 101: Phishing

Fraud Prevention 101 – Phishing

(Visual Description: Fraud Prevention 101: Phishing.

The Truist logo is displayed in the lower right corner.

Description reads: Phishing: Phishing relies on human error to access secure information.)

Phishing is when hackers and fraudsters pretend to be legitimate businesses in order to steal your personal information or sign-in credentials.

(Visual Description: Dictionary definition reads: Phishing: The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.)

It's a common tactic because tricking people into revealing information is usually easier than breaking through devices' defense systems.

Beware of unsolicited requests for personal information from senders you don't recognize, and don't click on links in emails or text messages that look suspicious.

(Visual Description: The graphic shows an illustration that reads Click Here with the “no symbol” over it.

Spot the signs of phishing attempts.

Truist title and logo appear in the center of the page.

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Disclosure: Truist Bank, Member FDIC. © 2021 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.)

How does corporate phishing happen? 

Cybercriminals exploit fear and doubt, posing as reputable organizations or government agencies to defraud companies, especially in times of crisis. Through email, texts, phone calls, or websites that spoof (imitate) a business you transact with, these counterfeit communications can trick your staff into sharing sensitive information or clicking malicious links.

Good news: “Classic” business email compromise is on the decline. (Disclosure 2)

Case study: Careful planning helps network hardware supplier thwart a potentially devastating phishing attack.

In 2022, hackers took control of a Cisco employee’s Google account. (Disclosure 1) Then they used vishing (voice phishing) to trick a corporate help desk employee into providing access to Cisco’s network.

Thanks to strong security protocols, Cisco’s IT team detected and removed the hackers before damage was done. The company quickly turned the attack into a teachable moment by updating its cybersecurity protocols to further strengthen its defenses.

Best practices and prevention

Like Cisco, your company can put policies in place that empower employees to stop corporate phishing attacks. Here are some proactive best practices to discuss with your teams.

Teach staff to spot sketchy emails.
The 2025 AFP Payments Fraud and Control Survey Report found 63% of reporting organizations had been targets of business email compromise. (Disclosure 1) Train employees at all levels to watch for misspellings in email addresses and domain names, tonal inconsistencies, unusual timing, fraudulent links, and urgent requests for sensitive information. Any of these can be an indicator of corporate phishing.

Update protocols for flagging suspicious messages.
Talk to your tech experts and security team about ways to flag suspicious communications and quickly neutralize threats. This can include teaching employees to report emails, as well as implementing filters to flag emails automatically if they meet certain criteria.
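As an added illustration (not Truist's tooling or code from this article), here is one way an automatic filter could flag messages on three of the indicators listed above: a misspelled sender domain, an urgent request for sensitive information, and a link whose visible text differs from its real destination. The trusted-domain list, keyword lists, and sample messages are hypothetical, and the sketch assumes single-part messages.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allow-list and keyword lists; tune these to your own vendors and mail.
TRUSTED_DOMAINS = {"example-vendor.com", "example-bank.com"}
URGENT = re.compile(r"\b(urgent|immediately|right away|within 24 hours|asap)\b", re.I)
SENSITIVE = re.compile(r"\b(password|wire transfer|bank details|account number)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>\s*(?:https?://)?([^<\s/]+)', re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss (misspelled) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_email(raw):
    """Return the list of phishing indicators found in one raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # plain string for a single-part message
    reasons = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if edit_distance(domain, trusted) <= 2:
                reasons.append(f"lookalike sender domain: {domain} ~ {trusted}")
    if URGENT.search(body) and SENSITIVE.search(body):
        reasons.append("urgent request for sensitive information")
    for href_host, shown_host in LINK.findall(body):
        if "." in shown_host and href_host.lower() != shown_host.lower():
            reasons.append(f"link text shows {shown_host} but points to {href_host}")
    return reasons

# Constructed sample messages (not real mail).
PHISH = """From: Accounts <billing@examp1e-vendor.com>
Subject: Invoice overdue

URGENT: confirm your bank details immediately at
<a href="http://login.invalid-host.example/pay">example-vendor.com/pay</a>
"""
BENIGN = """From: Accounts <billing@example-vendor.com>
Subject: March statement

Your statement is ready: <a href="https://example-vendor.com/s">example-vendor.com</a>
"""
```

Messages with a non-empty result would be routed to the security team's review queue rather than blocked outright, since each check can produce false positives.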

Use tech to bolster your defenses.
Set up strong spam filters on company email networks, mandate digital signatures on documents, and require multifactor authentication when signing in to servers. Educate employees on how to select, protect, and regularly change their passwords to prevent theft.

Report corporate phishing scams.
Alert your whole team when there’s been a phishing attempt or attack. Explain what happened, how to spot something similar, and who to contact if they do. Giving them the heads-up makes it less likely they’ll fall for the same scam.

Talk to Truist.
If you’re ever in doubt about the authenticity of an email from Truist, reach out to your relationship manager to verify it. Our fraud prevention professionals can help identify and halt phishing attempts the instant they appear.

FAQ on corporate phishing

Corporate phishing is a cybercrime where scammers use social engineering fraud (SEF) to pose as a trusted person or entity to manipulate unsuspecting employees into harming your company. 

Common consequences of corporate phishing attacks include loss of money or company data, reputational damage, and disrupted business operations. 

The most common corporate phishing method is email, followed by text message (smishing) and telephone (vishing). (Disclosure 3) Spear phishing and whaling are prevalent forms of corporate phishing that target specific individuals.

Executives, executive assistants, salespeople, and human resources professionals are most frequently targeted—but scammers will target anyone they think might allow them to breach your system. (Disclosure 4)

Finance and insurance is the most frequently targeted sector, followed by manufacturing, services, technology, and the retail and wholesale space. (Disclosure 5)

Spoofing is using technology to pretend to be someone else in order to steal data or funds—or to cause disruption or damage, such as the installation of malware.

Turn to professionals for protection.

For resources on cybersecurity threats and the various types of fraud facing your organization, connect with one of Truist’s relationship managers.
