There’s every chance the first time you heard the term “phishing,” you imagined you were about to go on an angling expedition. While “fishing” is positive and exciting, “phishing” is a negative and criminal activity involving stealing personal information from people online. Phishing scams are ubiquitous on the web and remain one of the most common security challenges that organizations must stay alert to and deal with effectively.
Whether it’s credit cards or passwords, any sensitive information hackers lay their hands on is potentially valuable. As such, it’s imperative to understand phishing attacks and know how to prevent them. Indeed, prevention is better than cure; any attempt to deal with phishing after the fact is mainly based on estimates or assumptions of the true extent of the damage. Bad actors are often ruthless in their attacks, and they are frequently surprised at how much information users leave unprotected.
Know What Phishing Emails Look Like
All security awareness training should involve teaching employees and associates to distinguish legitimate emails from phishing emails.
However, your teaching should never be separate from testing. Conduct routine phishing attempts against your staff. It’s a great way to assess their sophistication in handling phishing attempts. You’ll be able to tell how prepared they are to contain an actual intrusion.
While testing employees, it’s also essential to put management on the scale to measure conformance and enforcement of policies.
Suppose all levels of users at an organization learn the art of identifying phishing emails. In that case, it drastically reduces the chances of an attack succeeding, and testing will ensure your security team can respond to them with management approval.
One approach to email phishing is to send out large numbers of random emails so that some recipients inevitably click on a link that, like Pandora’s box, exposes them to a world of vulnerabilities.
There’s also spear phishing, where highly targeted emails reach a highly placed person in an organization with greater access than regular phishing email targets. Again, the most effective way to address this is to train employees on the art of reading emails.
When emails come from a trusted source, one technique is to forward the message to the same person to confirm they sent it.
An email that looks “phishy” is reason enough to call the supposed sender and confirm that they sent it, whoever it appears to come from.
To check whether the content is legitimate, hovering the cursor over the sender and over every link in the email is often enough. Malicious links usually do not match the link text or the email’s description.
Besides, looking up the sender in people search tools can help reveal who is really behind the message.
Don’t Trust Alarming Messages
One of the most effective measures in handling email is to have zero trust for alarming messages. Reputable organizations do not go about requesting account details or personally identifiable information. Therefore, if your bank or any other company you do business with requests these details via email, delete the email immediately. Then, contact the company to confirm that your account has not been compromised.
Don’t Open Suspicious Attachments
People need to know the inherent risks in opening email attachments or unfamiliar links, whether they come from known or unknown sources. These are easy channels for malware or virus infection, and only effective security education can help users identify suspicious links.
Hackers often install Trojans via malicious email attachments or ads. The aim is to enable the intruder to exploit loopholes and garner sensitive information. Individuals and employees at organizations need to take extra care when handling emails with attachments. It’s an essential aspect of security awareness training.
A now common way that spammers use attachments is to embed Excel spreadsheets in campaigns. All they do is break the words into individual cells to get past anti-spam software. It looks like a regular HTML email attachment, but the anti-spam tools have a hard time with it.
One way to verify the authenticity of an email attachment is to send a separate follow-up email, or to call or text the supposed sender, to validate its source.
The same safety precautions that apply offline in the real world also apply online. A big brand logo on the screen does not by itself justify opening an attachment. When attachments come from unknown sources, it’s crucial to notify IT personnel as soon as possible.
Get Anti-Phishing Browser Extensions
Client-side spam controls include anti-phishing browser extensions. You simply layer them into the browser like any other extension to help repel phishing attacks. These browser extensions are important because even the most trusted web pages can be delivered to users along with malware.
Anti-phishing browser extensions limit the surface area of attack for a typical spammer. Anti-phishing extensions often come installed as a toolbar.
Rotate Passwords
Email passwords are more than just an access pass; they are keys to the kingdom. If spammers lay hands on your email password, they’re prepared to milk it to the last drop.
Good password hygiene is elementary. First, use phrases instead of a string of characters. The longer the phrase is, the more difficult it is for a hacker to decipher it.
Considering that hackers can be relentless in their evil pursuits, an excellent antidote to their activities is to rotate or change passwords often.
Remember to enter your email password only at the email provider’s own website.
Be Wary Of Pop-Ups
Since the beginning of the dotcom era, users have had to contend with pop-ups. While we use them with pure motives, spammers use them to lure unsuspecting users into giving out personal information.
Adware programs are often able to generate illegitimate malware pop-ups. Spam may also install spyware to take over your browser and sniff out personal information.
Organizations need to educate employees on how to identify and remove fake pop-ups. Many of these say things like “Ransomware detected!” Telling users of a “technical” or “security problem” is a social engineering tactic that makes users more likely to click their way into trouble.
Fortunately, it’s often easy to remove spam pop-ups from computers and mobile devices.
Set Up Private And Public Emails
It’s a fact that credible websites do not request passwords over email. However, to reduce the spam you get, you can set up private and public email addresses.
Private email addresses
Private email addresses are perfect for personal purposes. However, this address should be challenging for spammers to guess because they usually build lists of likely email addresses using mathematical combinations of prominent names, IDs, numbers, and words.
A private email address may use your first and last names, but it should contain even more. You can improve the security of your private email by using the following measures:
- Keep your private email address away from publicly accessible online resources.
- Mask your private email address if you publish it electronically. Masking makes the address unfriendly to spammers’ harvesting tools. A plain email address such as dan.bosco@gmail.com is easy to pick up automatically, whereas dan[dot]bosco[at]gmail.com is much harder for a harvester to recognize.
It’s best to change your private email address as soon as spammers discover it. Agreed, this can be inconvenient, but you’ll at least be sure your fresh start will provide safety from spammers.
Public email addresses
Security experts advise that users maintain a public email address for activities such as signing up on public forums, chat rooms, and other internet services.
Users can minimize spam in their public email address by:
- Viewing the public address as a temporary address. It ensures that even when spammers get your email address – and they will, eventually – your exposure is minimal.
- Changing the public email address regularly.
- Using several public email addresses. You can then more easily identify which services are selling your address to spammers.
Public and private email addresses are a potent way to stay ahead of spammers and prevent you from losing more than you could afford to these criminals.
Keep Your Software Up To Date
In an era where spammers are evolving at the speed of thought, individuals and organizations must invest in the most comprehensive security tools available. The cost of these services is always less significant than everything the tools achieve in keeping spammers out.
It’s important to keep these computer security tools up to date. For example, antiviruses, anti-spam tools, and so forth, watch out for known bad actors or rely on some heuristic to identify an email as a phishing attack.
One key issue with anti-spam software is that it can produce plenty of false positives, meaning that some legitimate emails may end up in your spam folder.
Modern anti-spam and email security products usually throw up a warning when they identify an impersonating incoming email. For instance, the email security system of some companies will show the following message in the subject line:
It’s important to flag these types of email messages, so security experts recommend using the feature as much as possible.
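As an added illustration of what such a subject-line warning involves (example code, not the article’s or any vendor’s product), the block below parses an inbound message and prepends a warning tag when the sender looks like an impersonation: the display name matches a known employee but the address is external, or the Reply-To would divert replies to a different domain. The staff directory, the company domain, the tag text and the sample message are all constructed placeholders.

```python
"""Tag inbound mail whose sender looks like an impersonation attempt.

Added example, not from the original article. A minimal stand-in for the
subject-line warning an email security gateway adds. The internal domain,
staff directory, warning text and sample message are constructed for the demo.
"""
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"                     # assumed company domain
STAFF_DIRECTORY = {"Priya Nair", "Sam Okoro"}       # constructed display names
WARNING_TAG = "[CAUTION: POSSIBLE IMPERSONATION]"   # placeholder gateway text

# Constructed raw message: a real employee's display name on an external
# address, with a Reply-To pointing somewhere else again.
SAMPLE_MESSAGE = """\
From: Priya Nair <priya.nair@mail-example.net>
Reply-To: payments@another-example.org
To: staff@example.com
Subject: Urgent: update payroll details today

Please send the new bank details before 5pm.
"""


def normalise_name(name):
    """Collapse whitespace and case so 'PRIYA  Nair' matches 'Priya Nair'."""
    return " ".join(name.split()).casefold()


def domain_of(address):
    """Lower-case domain part of an email address ('' if there is none)."""
    return address.rpartition("@")[2].lower()


def impersonation_reasons(msg):
    """Return the list of reasons the message looks like it impersonates someone."""
    reasons = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)

    # 1. Display name matches an employee, but the address is not ours.
    known = {normalise_name(n) for n in STAFF_DIRECTORY}
    if normalise_name(display_name) in known and from_domain != INTERNAL_DOMAIN:
        reasons.append(
            f"display name {display_name!r} matches staff but address is @{from_domain}"
        )

    # 2. Reply-To points at a different domain than From, so replies get diverted.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = domain_of(reply_addr)
    if reply_addr and reply_domain != from_domain:
        reasons.append(
            f"Reply-To domain @{reply_domain} differs from From domain @{from_domain}"
        )
    return reasons


def tag_subject(raw_message):
    """Return (subject, reasons); the subject is tagged only when reasons is non-empty."""
    msg = message_from_string(raw_message)
    reasons = impersonation_reasons(msg)
    subject = msg.get("Subject", "")
    if reasons and not subject.startswith(WARNING_TAG):
        subject = f"{WARNING_TAG} {subject}"
    return subject, reasons


if __name__ == "__main__":
    subject, reasons = tag_subject(SAMPLE_MESSAGE)
    print(subject)
    for reason in reasons:
        print(" -", reason)
```

A real gateway would check far more (authentication results, lookalike domains, sender history), but these two header comparisons alone catch a large share of the “CEO asks for payroll details” style of message, and the tag in the subject line is what gives the recipient pause before they act.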
Conclusion
Spammers can be ruthless, and it’s best to avoid them from the outset. Simple security solutions such as using a password manager work if you need a way to manage the strong and unique passwords that the modern threat landscape demands. Phishing is as much art as science, so it’s best to approach the issue with a comprehensive solution involving a mix of several of the steps shared in this article.
Contributed by Ben Hartwig
Updated on 1st December 2021