Technology and IT scams are the prevalent headlines most of the times today. Internet advancements and technology innovations had given rise to social engineering and its negative impact in the form of phishing, malware and other forms of cyber attacks. Some time back the news of the Hotmail Phishing attack was talking about. This eminent global brand witnessed an issue, where more than 10,000 hotmail passwords were violated by hackers and third party intruders. This is the reason why companies are required to educate their employees and staff about the required guidelines that one need to follow to remain secure from vicious Phishing attacks. The media reports about this mass Phishing attacks and other related occurrences of enterprise spear Phishing indicates the huge number of mail accounts that were compromised and valuable data loss. These information contained private, financial, official and legal details. Mulling on this, Paul Wood, Senior Analyst, Symantec said that ” “A user’s unique email address is often used to authenticate a number of Web sites, including social-networking sites and instant messaging on a public instant messaging network” about Phishing attacks through e-mail. Wood also gave the following advice “If your e-mail address has been compromised, not only should you change the password there, you should also change it on any other site that uses that email address as a login ID.” In the recent Phishing fall rate reports, the maximum number of security breaches has been revealed. The major focus area has been the people’s control area that needs sustained focus and Phishing attacks are targeted at the unsuspecting users. Furthermore, apt technology and process control too needs to be deployed. However, it would not be of any good if the controls are weak. The modern day solutions address the “process and technology” aspect of a Phishing attack. At the same time, there are few companies that have introduced anti-Phishing tools that address the “people’s risk” aspect. The latest trend however is the “incident-based” approach that helps in offering a comprehensive solution depending on a particular incident and its impacts. Leading service providers’ today provides protection from Phishing and takes proactive measures to educate the user so that they can detect Phishing attacks and are able to avert the same in future. They assist in leveraging the teaching moment that is set up depending on the user’s response and post that generates an action plan that needs to be executed to avert further problems. Therefore, with these steps companies can develop a sound anti-phishing strategy.