In our phishing prevention best practices eBook, we provide ten best practices for small and mid-size businesses. We know these practices work. We know they’re right on point today. We want small and mid-size business to get and use this information. And once again we’ve been vindicated.
Internet security company Webroot came out with their 2019 Threat Report and wouldn’t you know it, the tried-and-true attack methods are still going strong. This means the phishing prevention best practices within the eBook are still applicable and essential for protecting your business.
For instance, best practice #6 states “Anti-phishing technology should check more than just embedded email links.” In addition to checking embedded email links, it’s imperative to check the linked-to website for malicious content. Characteristics to be checked on the linked-to website include on-page content, hidden fields and JavaScript with injection code.
The Webroot report confirmed that “A massive 40% of malicious URLs were found on good domains, since legitimate websites are frequently compromised to host malicious content.” The link you click on may be a good one and take you to the website you want to go, but that doesn’t mean the website you want to go to hasn’t been compromised. And there is no way you will know unless you let scanning technology like that available from PhishProtection intervene on your behalf.
Between January and December 2018, the number of phishing sites detected grew 220%.
Another example is best practice #7. “Anti-phishing technology should conduct all checks in real time as well as provide alerts in real time.” Like we always say at PhishProtection, if you’re not checking things in real time, don’t bother.
It’s good to check embedded links when an email first arrives, but that’s not good enough. Links need to be checked every time a user clicks on them, right at that moment. In real time. Why?
According to the Threat Report, “It’s important to keep in mind that IP addresses are not static and may cycle from malicious to benign and back multiple times. While 60% of the millions of malicious IP addresses we saw in 2018 only appeared on the list once, hundreds of thousands appeared at least two or more times.”
The report goes on to point out that blacklisted IP addresses do not stay on the blacklist indefinitely. “IPs on the blacklist are revisited to see if they still exhibit malicious behavior. If not, they leave the blacklist. Hundreds of thousands of new IPs are added to and removed from the blacklist multiple times a day.”
It does you no good to only check embedded links upon arrival. If you’re going to invest in an anti-phishing software to protect your business from phishing attacks, you better make sure the technology includes real-time scanning protection, like that found in PhishProtection.
If you run a small business and are new to the subject of phishing protection, step one is to download your free copy of the best practices eBook.
If you run a small business and you’ve already decided it’s time to protect your employees from phishing attacks, and you want to protect your entire company in 10 minutes for less than you think, head on over and try anti phishing solution risk free for 30 days. You’ll be glad you did.