How to Avoid a Phishing Attack
Phishing refers to trying to lure someone into revealing sensitive information such as logins, passwords, financial information, and other data. This is accomplished via email or text message by someone pretending to be a legitimate institution, like your bank or a credit card company. Once they have lured someone in, they come away with all the information they need to access either your network or your finances.
Common Types of Phishing Attacks
There are three basic types of phishing attacks, but all of them have one thing in common: someone is impersonating a legitimate website or institution in order to access your critical information.
The most basic type of phishing attack should be easy to spot: you or one of your employees receives an email with a link that takes them to a site asking them to log in. However, careful examination of the email reveals some details that just don’t add up, like serious spelling or grammatical errors, logos that look a little off or are outdated, and a link that you have to follow — a link that just does not look quite right. Once you have arrived at the website, you will be asked to log in or provide detailed account information.
In targeted phishing, the intended target receives an email that has so much personalization (e.g., name, title, company, contact information) that it seems the email must be legitimate — but it is not. Much of the information used in targeted phishing is obtained from your employee’s business-oriented social media accounts (think LinkedIn) and possibly even your own company’s website. You will also likely see much higher quality spelling, grammar, and even graphics, which can make these more difficult to spot.
In the third type of phishing attack, your employee will receive an email that seems to be from a well-known filesharing site such as Dropbox or OneDrive indicating that someone needs to share a file. When the link is clicked, it appears to take your employee to the real filesharing site where they must enter their login information to access the file.
Avoiding Phishing Attacks
You can keep yourself and your employees from falling prey to phishing attacks through a combination of cybersecurity measures and employee training.
Robust Cybersecurity System
The first line of defense against phishing attacks is to have a robust cybersecurity system installed that can filter email and messages so that phishing emails and messages are blocked and never reach the intended target. However, some phishing may take place outside of email and messages, so it is also important that security software can effectively detect and block phishing webpages that are impersonating legitimate institutions.
Know the Red Flags
As just discussed, cybersecurity software can catch these emails and messages before they ever arrive in your employee’s inbox. On the off chance that one slips by, it is vital that your employees are educated on the existence of phishing attacks, how to spot them, and what the repercussions are for the company if they fall prey to such an attack. There are certain red flags to be aware of anytime you or your employees receive an email:
- CCs to people you do not personally know
- A sender with whom you have no business relationship
- The sender’s email address is from a domain that seems suspicious
- The email appears to be a reply to something that you never sent
- A hyperlink or the sender’s domain is a misspelling of an actual website
- If you hover the mouse over the hyperlink, the addresses do not match
- There is a hyperlink present but no other information provided
- The email insists that you must log in using your username and password after following the link
- The email seems to be from someone you know (customer, vendor, coworker) but its contents are very much out of character for that person
- The site it wants you to go to is not secured (e.g., starts with http:// instead of https://) or does not currently have a valid SSL certificate
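Several of these red flags (a misspelled sender or link domain, link text that does not match the real address, and an http:// link) can also be checked automatically by a mail filter or triage script. The following Python is an added example, not part of the original article; the TRUSTED allow-list, the 0.85 similarity cutoff, the flag names and the sample message are assumptions constructed for illustration, and it expects a single-part, unencoded HTML email.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"dropbox.com", "onedrive.live.com"}  # assumed allow-list of services you use

def lookalike(domain):
    """True if domain nearly matches a trusted domain but is neither it nor its subdomain."""
    return any(domain != t and not domain.endswith("." + t)
               and SequenceMatcher(None, domain, t).ratio() >= 0.85 for t in TRUSTED)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).lower()))
            self._href = None

def red_flags(raw_email):
    """Red-flag codes for a single-part, unencoded HTML message (assumed input shape)."""
    msg, flags = message_from_string(raw_email), []
    if lookalike(parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()):
        flags.append("lookalike-sender")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        # Domain shown in the visible link text, if any (only checked for links with a host)
        shown = host and re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text)
        if url.scheme == "http":
            flags.append("not-https")
        if lookalike(host):
            flags.append("lookalike-link")
        if shown and not (host == shown[0] or host.endswith("." + shown[0]) or shown[0].endswith("." + host)):
            flags.append("text-href-mismatch")
    return flags

SAMPLE = ('From: "Dropbox" <no-reply@dropbx.com>\nContent-Type: text/html\n\n'  # constructed
          '<a href="http://dropbx.com/login">https://www.dropbox.com/shared</a>')
```

A similarity cutoff like this is a heuristic: short or very similar legitimate domains can trip it, so treat the output as a prompt for review rather than a verdict.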
In 2017, the FBI reported phishing as one of the top three reported cybercrimes, and every day millions of phishing emails are caught by email and messaging security filters. However, even the best filters may not be foolproof — which is why it is vital that your employees are trained to recognize the red flags of a phishing attack.
Maryland IT Solutions
If you want to avoid becoming an FBI cybercrime statistic, then you need a robust antivirus and web security system for your network. At Maryland IT Solutions, we can provide you with just that: a cybersecurity protection system that is carefully monitored and kept up-to-date to protect your network from the latest online threats, including phishing attacks. Contact us today to see what we can offer you in the way of network security!