An IT Support Blog from London

Read the latest IT news, tips and insights from IT Support pros at HTL Support


10 Ways to Avoid Phishing Scams Tricking You into Revealing Personal or Financial Information to Cybercriminals

Email Security solutions to avoid phishing

Don’t fall victim…

One of the most serious risks originating from the Internet to businesses and domestic users is the threat of phishing. Phishing is a form of fraud where a cybercriminal attempts to trick the recipient of a message into revealing information such as login credentials or account information by masquerading as a reputable entity or person, typically in an email, but it can be attempted through other communication channels.

A victim receives a message that appears to have been sent by a known contact or organisation. An attachment or links in the message may install malware on the recipient’s device or send them to a malicious website designed to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details.

You then find your personal or business bank account has been raided or your credit cards used to purchase luxury goods. Here are 10 ways to prevent users in your business from being tricked by phishing emails.

1. Get down behind the firewall!

Best practice for IT security is to deploy a firewall to secure your network against a range of internet threats including phishing. Firewalls may be software on a computer or a hardware network device and may even be embedded within a broadband router. Firewalls help defeat the spyware that may be used to report your passwords, etc., to cybercriminals.

2. Use automatic updates

Patches are released as required to close known security vulnerabilities, including those exploited by phishing scams. Set updates to automatic, and let them install whenever you are prompted.

3. Use an anti-phishing browser toolbar

Consider installing an anti-phishing toolbar in your browsers. This checks sites being visited against ‘blacklists’ of known phishing sites and warns the user. This should be obtained from a reliable source, otherwise it too could hijack your web browsing.

4. Get up to speed with the latest phishing information

Phishing scams are an agile security threat – they are being continually developed.

Criminals even use the statistical analysis techniques used by marketers to understand how to improve the effectiveness of their email activities. Stay on top of it: find a website that specialises in providing this information, or search Google for “latest phishing scams”.

5. How to tell if an email could be fake:

In the body of the email, is it addressed to you personally, or does it start “Dear Valued Customer”? A real company will know your real name.

Is it telling you that you need to reset a password for a service you don’t have? For example, it’s asking you to reset an Apple password when you don’t have an Apple phone.

Is it asking you to click a link to go to a website? Move your mouse over the link and it will show you the actual website it is going to take you to. For example, if the email claims to be from Apple then the website should end in

Is the email spelt correctly and does it make sense? Lots of phishing emails have bad spelling or grammar or are just badly written.

6. Verify the security credentials of websites

In the same way that you shouldn’t click hyperlinks in emails, avoid the habit of casually entering personal information into websites. Check for https at the start of the URL; is there a lock symbol by the address bar?

7. Block Pop-ups

Pop-ups are a popular tool deployed by cybercriminals on phishing expeditions! Turn on your browser’s pop-up blocker to block all pop-ups automatically, or set it to prompt you so you can decide. If you get a suspicious pop-up, try using Alt-F4 to close it.

8. Log in and check accounts frequently

It’s a bit like going away on holiday and coming back to find the burglars have been in…

Log in and check accounts frequently. If you have had your security details stolen, then someone may have the opportunity to repeatedly misuse your account logins to gain access… Check often.

9. Don’t share personal information

Avoid sharing personal or financially sensitive information unless you’re 100% sure of who it is. Don’t enter it into website forms or emails, and don’t message it in any other way, such as IM or WhatsApp. Don’t give it out over the phone, even if someone is calling from what you believe to be a reputable organisation with which you have an appropriate relationship.

10. Use Antivirus products

Strongly consider using an email security solution such as Mimecast or HTL Anti-Spam. These defend against identified email threats. Mimecast integrates cloud-based archiving and redundancy features that work with Microsoft Office and Google Apps for Work. 

If in doubt, delete.
