The word “phishing” is pronounced exactly as it is spelled, that is, like the word “fish” – the comparison being that of an angler casting a baited hook out there (the phishing email) and hoping you bite.
Scammers send bogus emails to thousands of people requesting sensitive information (such as bank account numbers) or include links to malicious websites. For example, they could be attempting to dupe you into transferring money, stealing your personal information to sell on, or gaining access to your company’s data for political or ideological reasons.
Here are some guidelines on protection from phishing attacks for your company.
How Phishing Works
Because phishing scams are made to look legitimate, it’s essential to identify them. Here are four classic types of phishing scams.
The most prevalent type of phishing is mass-email phishing. Someone sends an email purporting to be someone else and tries to deceive the receiver into doing something, usually logging into a website or downloading malware.
Email spoofing is a type of attack in which the message’s header—the from field—is faked to make it appear as if it was delivered from a trustworthy sender.
Protection From Phishing Attacks
Part of keeping your business safe online involves being aware of phishing scams. Here are five tips on phishing attack protection for your organization.
1. Stay Informed
Every day, new phishing scams emerge. Not knowing the latest phishing strategies puts you at risk of falling for one. Keep a lookout for new phishing scams. You will be less likely to be caught if you are aware of them early on. IT managers should conduct regular security awareness training and simulated phishing for all users to keep security top of mind.
2. Think – Don’t Click
It’s OK to click on links when you’re on a trusted website. However, clicking on links in random emails and instant messages isn’t such a good idea. Before clicking on any links that you’re not sure about, hover over them.
Are they leading in the right direction?
A phishing email may appear from a reputable organization, and when you follow the link to the website, it may appear identical to the actual one. You may be asked to fill out the information in the email, but your name may not be included. Most phishing emails will begin with “Dear Customer,” so be wary if you receive one. Go straight to the source when in doubt, rather than clicking a potentially dangerous link.
3. Pause Before Giving Out Personal Information
You should never share personal or financial information as a general rule over the Internet. When in doubt, go to the company’s official website, find their phone number, and give them a call. The majority of phishing emails will send you to a page where you must enter money or personal information.
Never enter confidential information using the links supplied in emails. Never send anyone important information via email. Instead, make it a practice to check the website’s address. “HTTPS” always precedes a secure website.
4. Pops Are Dangerous
Pop-up windows often pose as fundamental website components. Sadly, they are typically phishing attempts. Popular browsers let you disable pop-ups or enable them only in certain situations. Unfortunately, the “cancel” button naturally leads to fraudulent sites. So instead, click the x in the window’s upper corner.
5. Keep the Browser Up-To-Date
Popular browsers regularly receive security updates. They are published in response to security flaws discovered and exploited by phishers and other hackers. Stop ignoring browser update notifications. As soon as an update is available, download it.
What To Do?
You need not be afraid of phishing scams. However, following the above advice should give your business protection from phishing attacks. Unfortunately, there is no single solution to avoid phishing assaults!
If in doubt – give IT a shout! Let IT know when you feel you are being phished!
Do you feel you need extra data security? Contact our MidnightBlue team, they are dedicated to keeping your business secure, backed up, and operational all the time.