
11 Tips to Avoid Getting Phished

John Kogan



Phishing is a form of cybercrime in which attackers hide behind an innocuous-looking email. Their goal is to get you to click on a malicious link. From there, they can obtain privileged information, break into your accounts, and even infiltrate your whole network. Your firm is therefore only as safe as its most unsuspecting user.

You may think you are savvy enough to avoid them, but phishing scams are becoming more sophisticated and harder to detect all the time. Here are some tips for staying ahead of this simple yet effective trick.


1. Never click on hyperlinks in an email

Never click on a hyperlink in an email, especially one from an unknown sender. If you need to visit the website the link supposedly points to, type the URL into the browser yourself.

2. Never enter sensitive information into a pop-up window

Pop-up windows are another tool used by phishers with illicit agendas. In fact, you are best served by blocking pop-up windows altogether, except at sites you know for certain to be trustworthy.

3. Verify HTTPS in the address bar

Whenever you are sending confidential information online, confirm that the address bar reads “HTTPS” rather than the standard “HTTP.” The “S” confirms that the data is being sent over a secured, encrypted connection.

4. Education on phishing attacks

Staying abreast of phishing scams, and of the technology designed to prevent them, is crucial. Many reliable educational resources on the Internet are designed to help people recognize and prevent phishing attacks, including security awareness courses by Kraft Kennedy.

5. Keep antivirus protection current

Keeping antivirus protection up to date may seem patently obvious, yet a surprising number of people fail to take this basic step. Identity thieves and other criminals are constantly evolving their schemes, so current antivirus protection is an invaluable first line of defense against phishing attacks.

6. Use anti-spam software

There are several reasons to use anti-spam software, and one of them is the degree of protection it provides against phishing. Such software filters out a good number of the phishing emails that would otherwise reach an inbox.

7. Use anti-spyware software

On a related note, use anti-spyware software as part of a comprehensive effort to prevent phishing attacks. This type of software reduces (although does not completely eliminate) the presence of spyware on a computer, and less spyware means a significantly lower risk of a successful phishing attack.

8. Install and maintain a reliable firewall

Another good practice for avoiding phishing attacks is to install and maintain a reliable firewall. A firewall protects against the introduction of malicious code onto a computer, which is another route phishing attacks take.

9. Protect against DNS pharming attacks

DNS pharming attacks are a recently developed type of phishing attack that involves neither email nor pop-up windows. Instead, the DNS server an individual relies on is poisoned. The result is that a person’s attempt to reach a genuine website is intercepted and misrouted to a fake one. The fake site looks remarkably like the real thing and is designed to capture personal and financial information. For example, you may intend to go to your bank’s website but end up at a counterfeit one through a DNS pharming attack.

The only sure way to prevent this type of phishing attack is for an administrator to use security techniques to “lock down” the DNS server.

10. Keep backup copies of your systems

By keeping backup copies of your systems, you can revert to an uncorrupted state if a phishing attack is suspected.

11. Treat emails requesting fund transfers as suspect

Every email requesting a fund transfer should be considered suspect. Before money is transferred, the details of the wire transfer should be validated in a phone conversation with the relevant party, using a phone number that has itself been verified. If the third party is new, put an extra validation step in place to confirm its legitimate identity.