Cybercriminals have evolved. The majority of them are treating their criminal activity just like a business. Like any good business model, low-cost techniques that generate high profit will be prioritized. This is one of the main reasons social engineering scams like phishing and related attacks have become so prevalent. We'll give you a quick overview of what different scams are rearing their heads, and then we have some preventing phishing attacks best practices that you can implement to protect your agency or enterprise.
What is Phishing?
Phishing emails are the most common type of spam email that you are likely to get. They create a false sense of urgency and try to entice you to click on a link within the email. The attackers may pose as your financial institution, a vendor, or even a government entity in trying to get you to follow the malicious links. Once there, the goal is to have you enter some personal information into a field on the website. Targeted info may be your login credentials, social security number, bank account number, or other sensitive information.
Other cyber attacks related to phishing are:
- Vishing: uses VoIP phone calls
- Smishing: uses SMS messages
- Spear phishing: uses specific information on a pre-identified target
- Whaling: uses spear fishing tactics on a high-level executive
- Farming: stands up a fraudulent website with a similar URL to trap unsuspecting parties without using contact methods
Adjusting Your Cybersecurity Posture
Now that you know what the danger is, what are some preventing phishing attacks best practices?
Implement an Email Firewall
Firewalls help filter incoming messages and determine which ones may be spam. They can do this in several ways, like comparing the sending IP address to a blacklist of known spammers or analyzing the message content for red flags. Your firewall administrator can tailor those options to what best fits your enterprise. One great feature for larger businesses or government organizations with a high volume of internal emails is to include a banner on all messages sent from outside your agency. This helps to prevent personnel from falling for a phishing attempt using a spoofed internal email address.
Focus on Employee Training
All of the technology in the world will only protect you if your staff is aware of the threats they face. You must give them the tools to succeed. Any urgent requests from a vendor or any email directing payment changes should be confirmed in person or by phone, and that contact should be done with phone numbers obtained from a source other than the email. Never provide passwords or account numbers over the phone or through a website chat function, and emphasize the importance of verifying the veracity of an uncommon email before taking substantive action.
Install Antivirus and Anti-Malware Software
As an added line of defense, antivirus and anti-malware software should be a part of every enterprise's cybersecurity program. Should an employee follow a suspicious link, the software may be able to alert them to the malicious site as a last resort before any further information is compromised.
Of the preventing phishing attacks best practices mentioned above, spear phishing and whaling can best be combated by preventing data leakage. If you control what information attackers access, you can detect a cyber attack better. This data and more can often be found through improperly discarded electronic devices. Simply typing e-waste recycling near me into your preferred search engine is a roll of the dice. You want to use a reputable company with a proven track record, like West Coast Computer Recycler.