8 Ways to Prevent Biting the Phishing Bait

AKATI Sekurity
May 5, 2020

The term phishing is no longer uncommon unless you have been living under a rock. Often called the ultimate social engineering tactic, it remains cybercriminals' top choice for infecting users' computers or devices. Most of it is done by tricking users into launching malicious files on their computers, clicking a link to an infected website, or sending criminals their private data. You probably know the drill by now. What you might not know is the severity and impact these attacks can cause. It is the aftermath we should really be worried about!

The Mechanics of a Phishing Scam:

Before we get to that, let us look at how these phishing scams really work. Mostly they involve sending out emails or texts disguised as coming from legitimate sources. At a glance the message might look like it is from a trusted source, but in fact it secretly carries malware; once a person opens it, malicious software is downloaded onto the computer and, just like that, the cybercriminal is in your system. Some of these malicious emails, texts or links are easy to detect; it is the more sophisticated ones we should be worried about!


Scammers go to great lengths in designing phishing messages to mimic actual emails, using the same phrasing, typefaces, logos, and signatures. This makes the messages appear legitimate. If all else fails, they take it up a notch by carrying out customized attacks, also known as spear phishing, targeting large enterprise organizations and particularly their C-level staff. The most worrying aspect of a phishing scam is that cybercriminals do not need to infect your computer with a virus to obtain your private information, because you could willingly give up that information on your own if you are not careful.

COVID-19 Phishing Scams:

In light of the COVID-19 outbreak, many hackers have been using the panic and mayhem surrounding this pandemic to trick people. One of those sneaky ways is through phishing. As if the threat of the pandemic was not enough, we now must watch out for “coronavirus-themed” phishing attacks. According to research, coronavirus-themed domains are 50% more likely to spread malicious activity than other domains. Many of these domains are probably being used for phishing attempts.


The Aftermath of a Phishing Attack:

Now back to the aftermath of these attacks. What happens after the scam? Once cybercriminals have hold of your data, you are in trouble, to say the least. They would start by accessing your accounts to withdraw money or make online transactions, opening fake bank accounts or credit cards, using your computer system to install viruses and worms, and abusing your contact list to send out even more phishing emails. The larger threat comes when the attacker uses your data to gain access to your organization's high-value data such as banking information, employee credentials, social security numbers, etc. That is when you are in even deeper trouble.

If an organization succumbs to such an attack, it typically sustains severe financial losses in addition to a declining market share, reputation, and consumer trust.


According to a report by the Ponemon Institute in the first quarter of 2016, successful phishing attacks can collect up to $3.7 million per attack. Another of their studies showed that 31% of respondents said they would terminate their relationship with an organization if they received a notification of a data security breach incident.

At this point the numbers speak for themselves: most businesses are likely to have an exceedingly difficult time recovering from a phishing attack.

Staying Clear of the Phishing Bait:

Now that we have seen the extent of financial and reputational damage a single phishing attack can cause, whether to an individual or an organization, let us look at the role we play in preventing these attacks. Here are 8 basic guidelines for keeping yourself and your organization safe:


1. Keep Informed on Phishing Techniques

New phishing scams are being developed all the time. Staying on top of these new phishing techniques will help prevent you from falling prey to one. Keep close tabs on news about new phishing scams. By finding out about them as early as possible, you will be at much lower risk of taking the bait. For an organization, ongoing security awareness training and simulated phishing for all users are highly recommended for keeping security at the top of every employee's mind.

2. Think Before You Click

A major no-no is clicking on random links, especially on sites you do not trust, or clicking on links that appear in unexpected emails and instant messages. Hover over links you are unsure of before clicking on them. Do they lead where they are supposed to lead? When in doubt, go directly to the source rather than clicking a potentially dangerous link. Keep in mind never to download files from suspicious emails or websites.


3. Verify a Site’s Security

Make it a habit to check the address of the website. A secure website’s URL begins with “https” and there should be a closed lock icon near the address bar. You can also inspect the site’s security certificate. Bear in mind that the lock only shows the connection is encrypted, not who is at the other end, so check the domain name itself as well. If you get a message stating that a certain website may contain malicious files, do not open the website. At times even search engines may show links that lead users to a phishing webpage.

4. Never Give Out Private Information

As a rule of thumb, you should never share personal or financially sensitive information over the Internet. Most phishing emails will direct you to pages where entries for financial or personal information are required. An Internet user should never enter confidential information through links provided in emails. Never send an email containing sensitive information to anyone.

5. Be Wary of Pop-Up Ads

Pop-up windows often masquerade as legitimate components of a website. All too often, they are phishing attempts. For this reason, you can install a pop-up blocker in your browser. However, if one manages to slip through the cracks, do not click on the “cancel” button; such buttons often lead to phishing sites. Instead, click the small “x” in the upper corner of the window.

6. Use a Next-Generation Endpoint Protection

If you have not heard, Next-Gen Endpoint Protection is the modern approach of analysing user activity in real time to detect “zero-day” threats and take immediate action to block, contain, and roll back those threats. Although no defence is completely impenetrable, Next-Gen EDR based on AI and deep learning provides a solid defence.


7. Keep Your Browser Up to Date

In response to security loopholes that hackers inevitably discover and exploit, security patches are released for popular browsers all the time. If you typically ignore messages about updating your browser, now is the time to stop. Make it a habit to download and install an update the minute it becomes available.

8. Enable Two-Factor Authentication (2FA)

This is the most effective method for countering phishing attacks, as it adds an extra verification layer when logging in to sensitive applications. So even if your accounts or devices are compromised, having 2FA enabled prevents the use of the compromised credentials, as on their own they are insufficient to gain entry.

We believe that when it comes to company security, it is imperative to acknowledge employees as the first line of defence. Hence, while these best practices may not eradicate phishing scams, they will help you and your organization steer clear of biting the bait and falling for these schemes.

It is important to note that this is not a one-man job; the fight against phishing attacks should be conducted holistically, and every one of us plays a part in it.

Phishing scams have been around since the inception of the internet and show no signs of stopping any time soon. It is your duty to stay vigilant and alert; you could be just one click away from a major catastrophe!
