Phishing attacks are one of the oldest tricks in the cybercriminal playbook — and still one of the most effective. Despite years of awareness campaigns, employee training, and improved email filtering, businesses across New Jersey continue to fall victim to phishing schemes that lead to data breaches, financial losses, and operational disruption. Why do phishing attacks still work? The answer lies in a combination of evolving tactics and deeply rooted human psychology. At KMF Technologies, we help small business owners understand these mechanisms, so companies can build effective defenses.
The movies often portray confidence men as sympathetic rogues, cheerfully relieving the haughty, pompous, and corrupt of the burden of wealth. A favorite in this genre is The Sting (1973), which opens with a compact masterclass in con games. Johnny Hooker (Robert Redford) seems to interrupt a mugging in which a black man, Luther Coleman, is stabbed. The scene catches the attention of a well-dressed man whose curiosity, and subsequently his greed, gets the best of him. Luther displays a roll of bills and explains that he needs to pay off a loan shark or face dire consequences. With the stab wound hobbling him, Luther will never make his deadline.
Luther begs Hooker to take his money and deliver it, but Hooker refuses. Luther then asks the well-dressed man. He agrees, but Hooker cautions him that the mugger might still be lying in wait outside the alley. Hooker suggests that he place Luther’s cash in a handkerchief, along with any money he is carrying, to hide it securely. After the well-dressed man hands over the contents of his wallet, Hooker folds all the money into the handkerchief and tucks it into the front of his trousers. “No tough guy in the world will frisk you there,” he promises. Then he appears to remove the bundle from his trousers and hand it to the man, who tucks it away as per instruction.
Of course, the man has no intention of running Luther’s errand. He wants to keep the cash for himself. He hails a cab and as it speeds away, he removes the bundle from his trousers. That’s when he discovers he’s been the victim of the notorious “handkerchief switch.” His bundle is mere tissue paper. The bundle with the cash is still in Johnny Hooker’s pants.
The Sting, which would win the Academy Award for Best Picture, is one of the best-loved conman films, a genre which includes Paper Moon (also 1973), House of Games (1987), Dirty Rotten Scoundrels (1988), The Grifters (1990), The Spanish Prisoner (1997), Catch Me If You Can (2002), Matchstick Men (2003), and American Hustle (2013). Some portray conmen romantically, while others show them as soulless parasites. Either way, you don’t want to play “the mark,” whether face-to-face or via a cyberattack.
Phishing is no longer limited to poorly written emails from unknown senders. Today’s attacks are targeted, sophisticated, and often highly convincing. Key elements include:
Personalization and reconnaissance — Cybercriminals frequently research their targets before launching an attack. Using publicly available information — company websites, LinkedIn profiles, or even social media — they craft emails that appear relevant and legitimate. An employee might receive a message that looks like it’s from:
This technique, often called spear phishing, dramatically increases success rates.
Business Email Compromise (BEC) — In more advanced cases, attackers gain access to a legitimate email account and use it to send fraudulent requests internally. These emails often involve:
Because the message comes from a trusted source, employees are far more likely to comply.
Timing and context — Attackers often strike when employees are:
For example, an email marked “URGENT: Invoice Due Today” sent late on a Friday afternoon is far more likely to prompt a hasty response.
Even the best technology can’t fully compensate for human behavior. Phishing works because it exploits predictable psychological tendencies, such as:
In short, phishing attacks succeed not because people are careless, but because they are human.
Defending against phishing requires a layered approach that combines technology, policy, and employee awareness. A comprehensive approach includes:
Employee training and awareness — Regular cybersecurity training is essential. Employees should learn how to:
Ongoing simulated phishing campaigns can reinforce these lessons in real-world scenarios.
Multi-Factor Authentication — Even if credentials are compromised, MFA adds a critical layer of protection. Require MFA for:
This simple step can prevent many attacks from escalating.
Advanced email security solutions — Modern email filtering tools go beyond spam detection. They can:
A managed IT provider can help implement and maintain these systems effectively.
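To make concrete the kind of checks a filtering layer applies beyond spam scoring, here is an added example written for this page (not KMF Tech's tooling and not any product's implementation). It parses two constructed messages and flags the tactics described above: a lookalike sender domain, a display name imitating a trusted sender, a Reply-To that diverts replies elsewhere, a failed DMARC result recorded by the receiving mail server, and urgency wording in the subject. The trusted domain `acmecorp.example`, the indicator list, the weights and the sample messages are all assumptions; the output is a review score with reasons, which a real gateway would map to a warning banner or quarantine.

```python
"""Heuristic phishing-indicator scorer (added example; assumptions are marked)."""
from __future__ import annotations

import email
import re
from email.utils import parseaddr

# Assumed: the organisation's own domain. Placeholder, not from the article.
TRUSTED_DOMAINS = {"acmecorp.example"}

# Assumed urgency vocabulary, matching the "URGENT: Invoice Due Today" pattern.
URGENCY_TERMS = ("urgent", "due today", "immediately", "action required", "overdue")


def _domain(address: str) -> str:
    """Return the lower-cased domain of an address header value ('' if none)."""
    _, addr = parseaddr(address)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to spot lookalike domains (acmec0rp vs acmecorp)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_message(raw: str) -> tuple[int, list[str]]:
    """Parse a raw RFC 5322 message and return (score, reasons).

    Each matched indicator adds one point; a higher score means the message
    deserves closer review (a warning banner, quarantine, or analyst triage).
    """
    msg = email.message_from_string(raw)
    reasons: list[str] = []
    from_hdr = str(msg.get("From", ""))
    from_domain = _domain(from_hdr)
    display_name, _ = parseaddr(from_hdr)

    # 1. Sender domain is a near-miss of a trusted domain (lookalike registration).
    for trusted in TRUSTED_DOMAINS:
        if from_domain != trusted and 0 < _edit_distance(from_domain, trusted) <= 2:
            reasons.append(f"lookalike domain {from_domain!r} resembles {trusted!r}")

    # 2. Display name borrows the trusted organisation's name while the address does not.
    normalized_name = re.sub(r"[^a-z0-9]", "", display_name.lower())
    if from_domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if trusted.split(".")[0] in normalized_name:
                reasons.append("display name imitates a trusted sender")
                break

    # 3. Reply-To diverts the conversation to a domain other than the sender's.
    reply_domain = _domain(str(msg.get("Reply-To", "")))
    if reply_domain and reply_domain != from_domain:
        reasons.append(f"reply-to domain {reply_domain!r} differs from sender domain")

    # 4. The receiving server's Authentication-Results header recorded a DMARC failure.
    if "dmarc=fail" in str(msg.get("Authentication-Results", "")).lower():
        reasons.append("DMARC failed")

    # 5. Urgency language in the subject line.
    subject = str(msg.get("Subject", "")).lower()
    if any(term in subject for term in URGENCY_TERMS):
        reasons.append("urgency wording in subject")

    return len(reasons), reasons


# Constructed sample messages (not real mail); the domains are placeholders.
PHISH_SAMPLE = """From: AcmeCorp Finance <ap@acmec0rp.example>
Reply-To: collections@payments-portal.example
To: staff@acmecorp.example
Subject: URGENT: Invoice Due Today
Authentication-Results: mx.acmecorp.example; dmarc=fail header.from=acmec0rp.example

Please wire the attached invoice before 5pm.
"""

LEGIT_SAMPLE = """From: Jane Doe <jane@acmecorp.example>
To: staff@acmecorp.example
Subject: Minutes from Monday's meeting
Authentication-Results: mx.acmecorp.example; dmarc=pass header.from=acmecorp.example

Attached, as promised.
"""

if __name__ == "__main__":
    for label, sample in (("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE)):
        score, why = score_message(sample)
        print(f"{label}: score={score} reasons={why}")
```

The point of the example is that none of these signals is conclusive on its own: a genuine vendor may well write "overdue" in a subject line, and a legitimate mailing service sometimes sets a different Reply-To. What a filtering layer adds over plain spam detection is combining several weak indicators, especially authentication results and sender-identity mismatches, so that a message like the constructed `PHISH_SAMPLE` is held back or flagged before an employee has to make the judgement call under Friday-afternoon pressure.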
Clear financial and data policies — Establish strict procedures for handling sensitive requests:
These policies reduce the likelihood of successful Business Email Compromise attacks.
Endpoint and network security — Ensure all devices connected to your network are protected with:
Phishing often serves as the entry point for broader attacks, so strong endpoint security is critical.
Incident response planning — Even with strong defenses, no system is foolproof. A clear incident response plan ensures your team knows what to do if an attack occurs:
Fast action in response to a phishing attack can significantly reduce damage and liability.
For small and mid-sized businesses in New Jersey, maintaining this level of security internally can be challenging. As a managed IT service provider, KMF Tech offers:
More importantly, KMF Tech helps create a security-first culture, where employees and systems work together to reduce risk.
Phishing attacks persist because they exploit technological gaps and human nature. As attackers become more sophisticated, businesses must respond with equally thoughtful defenses. The goal isn’t just to block malicious emails; it’s to build an organization that can recognize, resist, and respond to threats effectively. With guidance from KMF Tech, your business can significantly reduce the risk of falling victim to phishing. Call us today.