Phishing scams are on the rise and are one of the most common cyber security threats. These scams trick users into handing over sensitive information, which is then used to gain access to protected data and files. The methods used are increasingly sophisticated, but fortunately there are ways to help safeguard you and your business from these attacks.
Email link – an email is sent with a link that redirects you to an unsecure website, which requests sensitive information
Email spoofing – an email is created with a forged sender address, so it appears to come from a legitimate source, and a request is made for details such as usernames and passwords
Trojan – a malicious email attachment allows the cyber criminal to access your system and gain confidential and personal information
Telephone impersonation – confidential information is obtained by impersonating an IT department or well-known company
Tips to avoid phishing attacks
Educate your staff
New phishing techniques are coming out all the time, and many people are not aware of the dangers or what to look out for. Keep your staff up to date with all the tactics and conduct regular face-to-face training sessions to help staff recognise phishing emails and attacks.
Ensure everyone within your organisation understands the risks involved in opening links from an untrustworthy source. Do not click on a link unless you have checked that it is from a reliable source.
Credible companies, such as banks and Microsoft, will never ask for personal information (usernames, passwords, account numbers) through an email. Beware of poorly written emails, overuse of jargon or emails without contact details. If in doubt, end the call and then call them back to make sure it is a legitimate request.
Ensure all your computers are using the latest version of all software, including internet browsers. Many phishing attacks exploit systems that are not updated.
There are many good reasons to use antivirus software. Install an enterprise-level AV solution, regularly monitor its status and ensure that it is kept up to date.
Web and spam filter
Use a web filter that blocks malicious websites and install a spam filter that can prevent emails from reaching the inbox of your employees.
By using a desktop firewall as well as a network firewall, you will drastically reduce the risk of hackers infiltrating your systems.
Email authentication is a technical solution where your mail server checks that emails are not forged, then flags the emails accordingly or even rejects the messages.
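As an added illustration (not part of the original article), the sketch below shows how a mail filter can turn those checks into a deliver, flag or reject decision. It assumes the receiving server records its SPF, DKIM and DMARC results in an Authentication-Results header (RFC 8601); the hostname mx.example.org, the sample messages and the simplified policy are all constructed for the example.

```python
import re
from email import message_from_string

# Assumption: hostname your own receiving mail server writes into the header.
TRUSTED_AUTHSERV = "mx.example.org"

# Constructed sample messages, not real mail.
LEGIT = ("Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bank.example;\n"
         " dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example\n"
         "From: alerts@bank.example\n\nYour statement is ready.\n")
SPOOFED = ("Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bank.example;"
           " dkim=none; dmarc=fail header.from=bank.example\n"
           "From: alerts@bank.example\n\nPlease confirm your password.\n")
# Header stamped by some other host: anyone can write this, so it proves nothing.
UNVERIFIED = ("Authentication-Results: other.example; dmarc=pass header.from=bank.example\n"
              "From: alerts@bank.example\n\nPlease confirm your password.\n")

def auth_results(raw, trusted=TRUSTED_AUTHSERV):
    """Collect spf/dkim/dmarc results from headers written by our own server."""
    results = {}
    msg = message_from_string(raw)
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(header).split(";")]
        if [s.lower() for s in parts[0].split()[:1]] != [trusted]:
            continue  # not stamped by our server, so ignore it
        for part in parts[1:]:
            m = re.match(r"(spf|dkim|dmarc)\s*=\s*(\w+)", part, re.I)
            # Keep "pass" if any result for that method passed.
            if m and results.get(m.group(1).lower()) != "pass":
                results[m.group(1).lower()] = m.group(2).lower()
    return results

def verdict(raw):
    """Simplified local policy: reject on DMARC fail, deliver on pass, else flag."""
    dmarc = auth_results(raw).get("dmarc")
    if dmarc == "fail":
        return "reject"
    return "deliver" if dmarc == "pass" else "flag"

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("spoofed", SPOOFED), ("unverified", UNVERIFIED)]:
        print(name, auth_results(raw), verdict(raw))
```

The third sample is flagged rather than delivered because only results stamped by your own server can be trusted.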
Regularly check your online accounts for any suspicious activity.
All businesses are vulnerable to phishing attacks, but as a general rule, be cautious, be vigilant and use common sense.