Anti-phishing tips for personal and professional use
Phishing is a form of cyber attack that preys not on software or system weaknesses but on the human factor. No person or company is immune to a phishing attack, particularly as cybercriminals become smarter and more believable in their scams. It is, however, entirely possible to significantly reduce your chances of falling prey to a phisher.
The following five tips will help you to increase your awareness of phishing attempts and stay vigilant against them. Whether you are attempting to bolster digital security in your personal life or encouraging employees to keep company systems safe, read on.
1. Check email addresses and URLs
Scammers can make their emails look very official, but they do not have access to the legitimate email domains and URLs of the companies they impersonate. If you have any reason to doubt the veracity of an email that purports to be from a specific company, find a website of theirs you know to be official and check that the domains included in the email match it.
Before clicking a link, hover your mouse over it so that the URL is displayed. You can then check for errors or discrepancies. Where possible, avoid following links from emails at all. Instead, open up the website for the company separately and find where you need to go from there.
2. Confirm that contact is legitimate
Before clicking on any link contained in an email, ask yourself whether this company has any reason to contact you. Do you have any account with them, and/or is there any reason for them to have your email address? If not, the best course of action is to ignore it.
Even if an email or message is purportedly from a company you have dealt with in the past, you should call them on a trusted number (or otherwise contact them through a verified channel) instead of following the link. If it is a legitimate request for information or payment, they will be able to confirm it for you and either deal with it then and there or resend the link to show it is legitimate.
3. Don’t use public WiFi hotspots
Unless you are sure that they are secure, avoid random public WiFi hotspots! These can be created by cybercriminals to steal data including email addresses, usernames, passwords, and relevant browser history—the latter, of course, can help phishers to create the hooks that will catch you.
This is a particularly pertinent point for employers. The cost of providing enough data for employees who have to work on portable devices while out and about is well worth paying to protect against the security breaches that can come about from team members using unknown and unsecured hotspots.
4. Be wary of urgent and fear-invoking messages
Phishers often aim to prey on people’s anxieties and worries. This means that many phishing emails use words like “urgent”, “warning”, and “important”. They will warn of unfortunate consequences should you not take the recommended action, and generally do everything to create a sense of urgency and fear.
If you feel that an email is a little dramatic and trying to rush you to click on a link and/or take an action like providing any personal details, stop and think. Consider the first two tips laid out above, and first verify that the company and contact are legitimate.
5. Keep everything up to date
Firstly, you should check that your security programs include anti-spam and anti-phishing software. With these in place, it’s important to keep them up to date. This provides the best possible protection against phishing attacks.
Updating your browsers and operating systems is another foundational brick in the cybersecurity wall. This small but significant step, which implements any patches recently released, bolsters the defense against phishing and any other kind of cyber attack.
Training staff in the prevention of phishing attacks is a big step towards keeping your systems and data safe. These tips, as part of a robust systems security plan, can contribute towards effective cybersecurity. Talk to the CANDA team for more information on how to protect your business.