Cyberattacks, such as phishing, cost businesses billions of dollars each year. Each year cybercriminals become wiser and find new ways to target you and your company. The first step to fighting cybercrime is awareness and education. Educate yourself on how you can defend your company against a phishing attack with the following tips.
What is a Phishing Attack?
A phishing attack is a type of fraud in which the attacker tries to learn information such as: usernames, passwords or credit card numbers by pretending to be a reputable entity or person in email. Cybercriminals mainly use this form of attack for identity theft. It is a sort of social engineering attack which is mainly initiated via email.
Phishing emails use urgent or threatening language in the subject line
It can frequently emerge as an important notice, critical update or urgent warning with a tricky subject line to entice the target to think that the email has arrived from a trusted source. The subject line may consist of numeric characters or other letters in order to bypass spamming filters.
Phishers send email from spoofed address
When you send an email, a sender name is attached to the message, however, it can be forged. Criminals have been spoofing email addresses for a long time and doing this to show messages look like they came from friends, trustworthy sources or their own company.
Phishing attacks can occur any time
It is possible to reduce the risk of phishing attacks by checking your emails with care and looking at the signs for phishing scams. It is important to be careful while browsing online and see phishing signs. Beware of emails asking for confidential information or login credentials. Legitimate organizations like financial institutions never request sensitive information by email. Even if it appears to be from a known, trusted source, never click on links, download files or open attachments in emails or on social media. Call the sender and verify the email before doing anything on it. Never click on links in an email to a website unless you are absolutely sure that it is authentic. When necessary, type the URL into an address bar in the browser to see it is a real website.
Browse only safe web addresses
Today many web browsers already include security features to help you stay safe online. These built-in browser tools can block annoying pop-ups, send “Do Not Track” requests to websites, disable unsafe Flash content, stop malicious downloads, and control which sites can access your webcam, microphone, etc.
Watch for spelling mistakes
As they are not professional proofreaders, cybercriminals often make mistakes in phishing emails. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
Phishing attacks are becoming more personal
Personal phishing attacks or spear-phishing attacks are proven to be more efficient. Cybercriminals make research on their target using social media shares to generate customized emails that victims are more likely to open.
Criminals use real brands
Criminals imitate the authentic website of a legitimate brand by utilizing a related domain name or URL and webpage design to the original website. The link to the fake website is mostly sent to targets by email or sometimes text message. The email can also include logos from the legitimate company. The fake website usually includes a fake form to hijack users’ credentials, payment details or other sensitive data.
Take caution when clicking shortened links
Cybercriminals often use shortened links to manipulate you into thinking you are clicking a legitimate link, however, you can inadvertently be redirected to a fake web address. You should always place your mouse over an address link in an email without clicking, to see if you’re actually being sent to the right website.
Phishing links can be in an attachment
Phishing emails mostly include a fake link, but to bypass email protection technologies, phishers can use an attachment, such as a PDF or Word doc, to use a fake link to a fake webpage.
Don’t be fooled with pop-up notifications / warnings
Phishers can attempt to tempt you with a support pop-up window that appears on your computer screen, which may seem like an error message from your operating system or antivirus software. Also, it can seem legitimate using logos of legitimate brands. It can trick you and take you a fake landing page to steal your sensitive data.