Phishing is a type of cybercrime in which attackers — called phishers — contact their targets by email, phone call, or SMS to lure them into providing sensitive information. Phishers usually pose as representatives of a legitimate organization — such as a bank or medical provider — to try to lull victims into a false sense of security. Phishers gather data they can use for financial gain, such as credit card details, social security numbers, or even to record the victim verbally providing authorization and access to their accounts.
You can avoid becoming a phishing victim by learning the following habits:
Learn to identify the latest phishing techniques. Internet scammers are also always adapting to the latest updates to software and improvements in the world of cybersecurity. Learning about the latest techniques will help you stay one step ahead of scammers.
You can subscribe to anti-phishing newsletters published by information security resources like Infosecurity. This way, new information about phishing styles and sources are available to you as they arrive. You should also make it a point to read about phishing news, so that you can quickly identify emerging trends.
Think before you click
Be skeptical about email content, especially those that come from sources other than your own organization. Cyber criminals are more creative and skillful than ever, and they will go to great lengths to make email content and websites look as legitimate as possible. This is particularly true for online banking websites.
Before clicking on any link, first try to confirm whether you should trust the source. Most banks publish press releases and advisories on the latest phishing methods, such as those that involve fake copies of their banking portals. These advisories should contain useful tips for you to verify the links and sites that are safe to access.
Be diligent with updates
Software updates are important in keeping any form of cyberthreat at bay. This is most true for software used to access the cloud or the internet. Many phishers will use browser vulnerabilities to run keystroke loggers or “sniffers” to gather information they can use for sophisticated phishing attempts, such as spear phishing or even whaling.
So make sure that the update protocols for your browsers, operating systems, and various apps are set to “automatic.” This way, you get the updates as soon as they become available.
Assume all pop-ups are threats
Pop-up ads are also a popular delivery method of pre-phishing malware payloads such as keystroke loggers. What’s worse is that malicious pop-ups usually contain more than just keyloggers — they may also contain a plethora of malicious payloads such as ransomware encryptors, Trojan horse, and the like.
It would serve your business best to install pop-up blockers on the browsers of all company devices. You can also incorporate rules on your internet use policy that sets restrictions on visiting suspicious websites as these tend to have malicious pop-ups.
Divulge nothing personal
Lastly, you and other members of your organization should avoid posting personal information online. Be careful of the types of information you post because these can be harvested by cyber criminals for future use. Avoid posting photos that contain your email address, license plates, ID cards, and the like as these are the types of information spear phishers use to launch attacks.
Protect your business network from phishing attacks with OutsourceIT’s network and data protection services. Contact us today to learn more.