How to Get The Best Protection From Phishing

What is phishing and what are some best practices? Read more to find out.

The wonders of the internet bring us amazing things we’ve never been able to see or do before. Sadly, these technologies are a double-edged sword bringing us problems such as hacking and phishing too.

Scammers are getting smarter, which means it’s getting harder to root out phishing attempts. In fact, Intel found that 97% of people tested globally couldn’t identify phishing emails.

By educating yourself and your employees about this type of cyber attack, you can recognize them and reduce the instances of security breaches. This should always be your first step in your organization’s quest towards protection from phishing.

What is phishing?

Infographic: Courtesy UTICA College Awareness Program

Phishing is a type of cyber attack that exploits social channels in order to gain your sensitive information. The social channels that can be used in such attacks include email, mobile, and social media accounts.

What these cybercriminals typically try to obtain is your personal details, such as your bank account or credit card numbers, or your home address and phone number. These scammers also try to figure out your passwords for certain sites.

Once they have your passwords, they can then try them on other sites to see if they can access more accounts. Other details, like your address and phone number, make it even easier for them to break into your accounts.

There are many reasons why scammers run phishing attempts on unsuspecting people. At the top of the list is identity theft to access funds.

They can also use phishing to target and sabotage commercial computer networks, or to find out other types of sensitive information, such as your organization’s trade secrets or information regarding national security. These are all valuable resources that cybercriminals can profit from.

How does phishing work?

As the name suggests, cybercriminals use very tempting “bait” in order to get their victims to “bite.” What they do is closely impersonate a trusted name, such as Netflix or the financial institution you bank with.

They also create a sense of urgency through social engineering or deception. This increases the chances of people falling for the phishing attempts. Scammers can achieve this in one of two ways:

» Putting a fake link into their communications: Prompting you to go to the fake website and log into your “account” to verify yourself as the owner. What looks like the main Netflix page is actually a fake, which means you’ve handed over your account details without resistance.

» Having you install malware: What makes this so effective is scare tactics, such as the threat of a deactivated account if you don’t install the program in a timely fashion.

Some phishing examples

Here are some of the more common instances of phishing attempts:

» Nigerian prince scam: There are several variations, but usually, an email is sent asking for help to access millions of dollars. These emails are typically full of spelling and grammatical errors to weed out people who are more aware of phishing.

» Tech support scam: You’ll receive communication from a “technician,” who’ll then install remote access software, pretending to fix any problems with your computer. They’ll claim you have malware and insist on having you install a program to clean it up. That program will contain actual malware and expose your personal and sensitive information.

» Deactivation scare scam: Again, cybercriminals play on the sense of urgency to ensure you’ll fall for their scam. They’ll trick you into thinking your accounts will be deactivated due to lack of activity, which forces you to log on.

Types of phishing

As you can see, there are quite a few types of phishing out there. You have to give cybercriminals credit for their ingenuity, after all. Some of the main types of phishing you’ll need to keep an eye out for are:

» Smishing: Smishing gets its name from SMS, which means this is a text message scam. You’ll receive an SMS requiring that you take action in order to confirm or deny something, such as an order. The text message will contain a link. Once you click on it, it’ll take you to what looks like a legitimate website, which prompts you to enter your username and password.

» Vishing: This is similar to smishing but uses voice instead. The cybercriminal will either call you personally or use an automated recording. This is intended to imitate the official voice messages financial institutions send out when your account’s been compromised.

» Search engine phishing: This one’s a bit more elaborate. Scammers will do SEO research and create a fake webpage built around a chosen keyword. As a result, it’ll rank high on Google. So when people search that particular keyword, there’s a higher chance of them clicking on the fake website rather than the real one.

» Spear phishing: Spear phishing is a more targeted approach to phishing, as opposed to the scattergun method in regular phishing. Either an individual or an organization can be hit with spear phishing. More details about it can be found below.

» Whaling: This type of phishing is similar to spear phishing, but instead of ordinary people, scammers target high-level employees, such as C-level personnel. By tricking these high-profile people, cybercriminals can gain access to sensitive information in the targeted organization.

Spear phishing

This type of phishing deserves a section of its own because of how dangerous it can be. In cases of regular phishing, cybercriminals will send out massive amounts of emails to random people in hopes that they’ll catch something with their “net.” It’s usually a quick and easy way for scammers to find victims.

While spear phishing is very similar to regular phishing, what differentiates it is the amount of effort the scammer has to go through. Typically, they pick a target, then do extensive research on them. This includes finding out where the victim’s from, who their friends are, who they work for, and where they spend their time.

Armed with those pieces of information, cybercriminals are then able to carefully craft very believable emails to their targets. They may even pretend to be close friends of the victims. Any tactic they use will be highly convincing, since the more details they have on the target, the more likely they’ll be able to lull them into a false sense of trust and security.

Phishing prevention best practices

Although it can be tricky to determine whether or not you’re being attacked, there are two best practices you can employ.

The first is being cautious. Whenever you receive an email or link unexpectedly, think about whether you’ve been on that website lately. Even if you have, you should type in the domain name yourself and log in through your browser, just to be safe. Never click on any links inside suspicious emails or texts.

The second is being proactive. If you’ve received a potential phishing attack at work, let someone in authority know. That way, they can alert the entire organization and heighten everyone’s awareness.

How to prevent phishing and spoofing

Spoofing is when someone pretends to be a trusted organization or person. It goes hand-in-hand with phishing.

To prevent phishing and email spoofing of your company, you should have your IT department implement several measures. These are Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-Based Message Authentication, Reporting & Conformance (DMARC).

All three methods add extra “signatures” to your email system, so it’ll be much harder for cybercriminals to spoof your organization’s email. A forged message will be missing one or more of these signatures, which is a tell-tale sign to recipients that the email is a phishing attempt.
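To make the SPF/DKIM/DMARC check concrete, here is an added example (not code from the original article or from any vendor) of how a receiving mail server decides a message's DMARC disposition. It assumes the SPF and DKIM pass/fail results and their domains have already been computed (as they would appear in an Authentication-Results header), uses constructed DNS TXT records for the hypothetical domain example.com, and simplifies the organizational-domain lookup to the last two labels instead of the Public Suffix List.

```python
# Constructed sample DNS TXT records for the hypothetical domain example.com.
SPF_RECORD = "v=spf1 include:_spf.example.net -all"
DMARC_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"


def parse_dmarc(txt: str) -> dict:
    """Turn a 'tag=value; tag=value' DMARC record into a dict.

    Applies the DMARC defaults (relaxed alignment for both DKIM and SPF)
    and rejects anything that is not a v=DMARC1 record with a policy.
    """
    tags = {"adkim": "r", "aspf": "r"}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def org_domain(domain: str) -> str:
    # Simplification (assumption): organizational domain = last two labels.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs the
    same organizational domain, so bounce.example.com aligns with example.com."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(from_domain: str, spf_pass: bool, spf_domain: str,
                      dkim_pass: bool, dkim_domain: str, record: str) -> str:
    """Return 'pass' if either SPF or DKIM passed AND is aligned with the
    visible From: domain; otherwise return the domain owner's policy
    ('none', 'quarantine' or 'reject')."""
    policy = parse_dmarc(record)
    spf_ok = spf_pass and aligned(from_domain, spf_domain, policy["aspf"])
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, policy["adkim"])
    return "pass" if (spf_ok or dkim_ok) else policy["p"]
```

The key point the example shows: a phisher can make SPF and DKIM pass for a domain they control, but those results do not align with the spoofed From: domain, so the receiver applies the published policy.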

How to prevent phishing emails

To prevent phishing emails, make sure you have a good antivirus program installed. Not only that, but always update it whenever you can. The same goes for your browser.

There are always vulnerabilities in software, and when they’re found, cybercriminals will exploit them. Updates are there to stop the exploits, so be proactive in stopping scammers from finding their way to you.

How to stop phishing emails

If you keep getting phishing emails, it may get tiring trying to differentiate between what’s real and what’s not. To stop phishing emails, check with your email provider. Most major providers have the option to report and block phishing emails. You can also install anti-phishing software to block attempts not caught by your email provider.

The best phishing protection

The best phishing protection is to not only have different passwords on different sites but also to change them regularly. It may seem like overkill, but doing so adds an extra layer of protection. If you do fall victim to a phishing attack, it dramatically lowers your chances of any of your other accounts being accessed.

In addition to proactive steps, you can also take reactive ones. By implementing phishing protection software in your office, you can protect your entire organization from vulnerabilities. It only takes one click to get through, after all.

Your business may also want to consider security training for its employees. Having everyone more aware of the signs of phishing attempts makes it easier for them to spot and report those instances to your security officer. Prevention is key in keeping your business safe.

Would you like to get started on anti-phishing measures? Then check out our service plans.
