Phishing scams are one of the most harmful cybersecurity threats to individuals and businesses. Just one download of a harmful attachment from an email can cause a Trojan horse to bypass antivirus programs and steal sensitive data, such as financial information and passwords. With over 3 billion fake emails sent a day and many containing phishing emails, it’s easy to fall prey to a scam. With huge profits for cyber criminals, phishing emails aren’t likely to disappear anytime soon.
However obvious, here are some basic steps, tools and things to be aware of to keep your business emails – the most common way to phish someone – more resilient against attacks.
Use antivirus and firewalls
If you haven’t already, install or update your Antivirus and Malware software. These firewalls are designed to place a buffer between your system and intruders. You should have two firewalls in place: desktop and network. When used together, the odds of hackers and phishers infiltrating your computer or network is hugely reduced.
Use browser anti-phishing tools
Most popular browsers will have anti-phishing toolbars. These tools will run quick checks on sites you visit against the list of known phishing sites. If you enter a malicious website, the toolbar will alert you. These tools are typically free, giving you a basic layer to battle against phishing scams. CloudPro provide a full guide to such extensions and toolbars.
New phishing scams are being developed every week. Keep your eyes on news sources that report new phishing scams. You can stay up-to-date on the latest threats by following a news site, such as Info Security. The earlier you find out a new technique is being used, the lower the risk of being snared in a trap. If you’re an IT manager or administrator, having ongoing security awareness training and simulated phishing for all users will keep cybersecurity at the top of people’s thoughts in your business.
Beware of social engineering and whaling
Whaling is a form of phishing attack which is highly targeted and appears to be a legitimate email. It is a form of social engineering, where personalised information is used. The aim of whaling is to encourage the recipient to perform some sort of action, such as clicking a link to a site which contains malware or sending funds to the attacker’s bank account.
Whaling often targets financial institutions and typically high powered individuals such as CXOs, it is becoming an increasingly prevalent risk to cloud storage and e-commerce sites. Employee training can help to mitigate the risk of whaling attacks; take a look at some examples of whaling emails to see some of the common tactics used.
Consider your clicks
Beware of random emails sent to you, always hover your cursor over a link to verify if it’s genuine. Do the links lead to where they’re supposed to? A phishing email may look and appear like it’s from a real and legitimate company, always scrutinise more carefully when the email asks you to fill in any personal or financial information.
Keep an eye out for pop-ups
Pop-up windows could seem like a legitimate part of a website when in fact they’re phishing attempts by hackers. If one appears, avoid clicking on a “cancel” button as this likely leads to a phishing website. Just close the pop-up down by clicking the small “x” in the corner.
Verify the security of a site
You should always be wary of sharing your personal information on the internet. Before entering any details, ensure the URL starts with “https” with a closed lock icon by the address bar. Look at the site’s security certificate, if a message appears informing you that a website could contain malicious files, do not enter the site.
Check online accounts regularly
If you haven’t checked an online account for a while, there’s a chance someone could have gained access to it. Always check into accounts you have and change your passwords regularly. To prevent bank and credit card phishing scams, check your statements monthly to ensure no fraudulent transactions have taken place.
Keep your browsers updated
Patches are released regularly to prevent exploits being used by cyber criminals looking for security loopholes. Don’t ignore messages telling you to upgrade your browser. Once an update appears, install it to patch the necessary security measures.
Increase Resilience with Email Archiving
All of these phishing threats show just important your data is. With the increased threat of phishing, it has never been more critical for you to protect your email, where most phishing and whaling attempts enter your business. Find out more about our secure email archiving solutions and get in touch for a free demo to see how Cryoserver email archiving can help your business become more resilient against phishing attacks.