Phishing is a cyber attack that uses disguised email as its weapon of choice. While it may not attract the media attention of large data breaches, phishing scams are a serious threat to companies:
- In 2020 Australians lost a combined sum of $141.5 million to phishing scams
- Reports of phishing attacks in Australia were up 75% in 2020, compared to 2019
- The most damaging types of scams included investment scams, dating and romance scams, false billing, threats to life or arrest, and online shopping scams
Source: Security Brief Australia
Phishing is a very real threat for your company, so in this article we will discuss practical steps you can take to prevent it, and save yourself from potentially losing a lot of time and money.
What is phishing?
The scammers essentially trick the email recipient into thinking the message is from a source they know and/or believe they can trust, e.g. a bank, a company the recipient normally does business with or a legitimate person or institution.
They use a combination of psychology and technology to gain access to someone’s email account and its details so they can:
Steal personal information:
Scammers may sit and watch the recipient’s email activity (on average for 280 days) to collect data, such as login credentials, credit card and bank account details, and other sensitive information.
Gain an entry point for malware and ransomware attacks:
Once the scammers have an understanding of their recipient, they send the recipient an invitation to take an action – typically to click a link or download an attachment.
This invitation will be highly targeted and relevant to the recipient (e.g. a special offer from a company they regularly do business with, a personalised email from their bank asking them to confirm details, or unexpected news from a fake legal outfit that demands an immediate response by clicking on a link).
Once the action is taken, the malware or ransomware is downloaded onto the computer.
How to prevent phishing
1. Check your preferences
Ensure your browsers’ anti-phishing preferences are turned on.
Disable automatic loading of images and external content stored on remote servers.
2. Check your emails more closely
Be cautious with any email that contains embedded links. Scrutinise the message for grammatical or spelling errors, and hover your cursor over each link to see where it actually leads before clicking on it.
If an email asks you for personal information, do not click the link. Instead, go to the company’s website directly or call them; if the request is legitimate they will have a record of it and can deal with the issue directly.
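The “hover over the link” check above can also be automated. The following Python script is an added example, not code from the original article: it parses the HTML body of an email, pulls out every link, and flags the two most common tricks a hover would reveal: visible link text that names one domain while the underlying href goes to another, and links that point at a raw IP address rather than a named host. The sample email body is constructed for the example, and the domain comparison uses a simplified “last two labels” rule rather than a full public-suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body for the example (not a real message).
# Link 1 is genuine, link 2 shows one domain but goes to another,
# link 3 points at a raw IP address.
SAMPLE_HTML = """
<p>Dear customer, please review your account:</p>
<a href="https://www.examplebank.com/login">www.examplebank.com</a><br>
<a href="http://examplebank.com.login-verify.example/auth">www.examplebank.com</a><br>
<a href="http://203.0.113.5/update">Confirm your details</a>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def collect_links(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.links


def registrable_domain(host):
    # Simplified rule: keep the last two labels (examplebank.com).
    # A production checker would use a public-suffix list instead.
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def check_link(href, text):
    """Return a list of human-readable reasons the link looks suspicious."""
    reasons = []
    target = urlparse(href)
    host = (target.hostname or "").lower()

    if target.scheme not in ("http", "https"):
        reasons.append(f"unexpected URL scheme: {target.scheme or 'none'}")
        return reasons

    # Raw IP addresses are rarely used by legitimate senders.
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append(f"link points to a raw IP address ({host})")

    # If the visible text looks like a domain, it must match the real target.
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
        reasons.append(
            f"visible text says {shown.group(1)} but link goes to {host}"
        )
    return reasons


def scan_email(html):
    """Scan an HTML email body; returns one (href, text, reasons) per link."""
    return [(href, text, check_link(href, text)) for href, text in collect_links(html)]


if __name__ == "__main__":
    for href, text, reasons in scan_email(SAMPLE_HTML):
        status = "OK" if not reasons else "SUSPICIOUS: " + "; ".join(reasons)
        print(f"[{text}] -> {href}\n    {status}")
```

Run it on a saved `.eml` body and every flagged link is one a user should not click without first confirming the request through the company’s own website or phone number, as the article recommends.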
3. Beware of pop-up screens
Pop-ups are often linked to malware and phishing attacks. You can help protect yourself from malicious pop-ups by installing ad-blocker software that will automatically block them. If you are asked to enter personal information via a pop-up screen – don’t do it!
4. Rotate passwords regularly
By changing your passwords on a periodic basis, you limit how long an attacker who has obtained a password can keep using it, locking them out of your account.
5. Install a third party managed spam filter
Managed spam filters add an extra layer of protection, as they’re able to block some of the phishing attempts before they get to the users.
6. Keep your updates up to date
Staying on top of your updates will help keep you protected against the latest cyber-attack methods, as updates patch security holes that have been identified in your software.
7. Train your team
It only takes one user to compromise your entire business, so make sure your whole team understands data security and email attacks, as well as your policies and procedures.
8. Disaster Recovery Plan
In the event of your business falling victim to a phishing scam, a disaster recovery plan will ensure you and your team know the immediate steps that need to be taken in order to minimise damage.
The ultimate prevention
Of course, the ultimate strategy is to work with IT professionals, who can set you up with all the appropriate security measures, continuously monitor your systems to identify potential issues, and ensure you stay up to date.
When it comes to cyber security – prevention is most definitely better than cure. Investing in a professional security solution could save you thousands or even millions.