Put your hand up if you’ve never received a phishing email. Not in some hypothetical sense either. I mean literally, put your hand up.
There’s a good reason that I’m not asking those who have received phishing mails to put their hands up in the air. I don’t want to waste your time and energy, and I genuinely believe that not a single person will need to raise their hand in this particular scenario.
If you did put your hand up, I’m sorry to tell you this, but you’ve likely been scammed. What you thought was a legitimate mail from your bank, or your ISP, or your doctor, pharmacist, accountant, or favourite online shopping store, was actually a phishing mail in disguise. Try not to take it personally – it’s exactly how phishing mails work! That’s why we’ve put together this blog on how to prevent phishing and keep yourself, and your business, safe.
What is a Phishing Mail?
It’s an email in disguise. Also known as a spoofed mail, it acts as though it’s coming from a business you trust, like your bank, social media site, or even from your own company. It even bears a message that sounds legit – that your account has been hacked, your mailbox has been compromised, or a payment needs authorisation.
“Click here to reset your password.”
“Open the PDF attached.”
“Confirm your login information to proceed.”
As soon as you click that link or open that attachment, you’re in trouble. Even if you don’t type in your username and password, there’s a very high chance that you’ll have malware installed on your machine, monitoring your activity and gaining access to your personally identifiable information. From there, cybercriminals can infiltrate your company’s platforms, or gain access to your accounts or email addresses. They’ll have the perfect opportunity to scam people in your address book, sending out further phishing emails that seem to come from you. And that’s not even mentioning the damage they can do if they gain access to your banking details.
So, now that we know what phishing is, it’s time to look at how to prevent phishing, and how to stop it from causing chaos in your work environment.
How to Prevent Phishing Mail?
The impact that a phishing email can have, both in a personal and a professional capacity, is severe. But there are steps that you can take to avoid becoming a phishing victim. There are even measures that you can put in place to mitigate the damage even if you do open a phishing link or attachment. Here’s how to prevent phishing in 6 simple steps:
1. Think Before You Click!
Opening emails has become a mindless task. Because we get so many messages on a daily basis, it’s standard practice to just open every mail that comes our way. We don’t even think about what we’re opening. And phishers love that! It means that when they send a mail pretending to be from FNB, Standard Bank or ABSA, chances are that if you bank with them, you’ll click their message and open the link or attachment without another thought.
The first lesson in how to prevent phishing and spoofing is knowing that it’s never been more important to think before you click. Take a couple of extra seconds before opening that link or attachment to check who it’s coming from. The address may look like it’s coming from FNB, but is that the one that they usually use?
Most companies will have a policy of never asking you to enter your username, password or ID number on a website at all. So if you get a mail asking you to do so, it’s best to simply delete it.
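The sender check from this step can also be automated for a mailbox or helpdesk queue. The sketch below is an added example, not part of the original post: it flags a message whose display name or domain claims a brand but whose real sending domain is not on a known-good list, and a Reply-To that points somewhere else. `KNOWN_SENDERS`, the function names, the placeholder domain `fnb.example` and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist: brand keyword -> domains that brand really mails from.
# "fnb.example" is a placeholder; use the addresses your bank actually uses.
KNOWN_SENDERS = {"fnb": {"fnb.example"}}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def is_known(domain, allowed):
    """Exact match or a true subdomain; 'fnb-secure.example' does not pass."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def sender_warnings(raw_message):
    """List the reasons the sender of a raw RFC 5322 message looks wrong."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    warnings = []
    for brand, allowed in KNOWN_SENDERS.items():
        # The mail "claims" the brand via its display name or a lookalike domain.
        claims = brand in display.lower() or brand in from_dom
        if claims and not is_known(from_dom, allowed):
            warnings.append(f"claims to be {brand.upper()} but sent from {from_dom or 'unknown'}")
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"replies go to {reply_dom}, not {from_dom}")
    return warnings

# Constructed sample messages (not real mail).
PHISH = ("From: FNB Online Banking <alerts@fnb-secure.example>\n"
         "Reply-To: help@mailbox.example\n"
         "Subject: Confirm your login information\n\n"
         "Click here to reset your password.\n")
GENUINE = ("From: FNB <statements@mail.fnb.example>\n"
           "Subject: Your monthly statement\n\n"
           "Your statement is ready.\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("GENUINE", GENUINE)):
        print(name, sender_warnings(raw))
```

An empty result only means the visible address is consistent with the list; the From header itself can be forged, so the call-back check in the next step still applies.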
2. If You’re Unsure, Check!
Phishing emails often look very real. They’ll have the right logos, be formatted in a way that you’re used to, and even the address that they’re coming from will seem legitimate. That’s what makes them so dangerous – they’re very easily confused with the real thing!
If you get an email that you think might be real, but you can’t quite be sure, the best course of action is to check with the company that the mail says it’s coming from. If you get an email claiming to be from FNB asking you to authorise a transaction, give the real FNB a call and ask them to confirm that the email came from them.
Don’t reply to the email itself. Doing so not only shows that they’ve reached a real mailbox, but your uncertainty will encourage them to keep targeting you. And do not call any of the numbers listed in the mail itself. Find the number for the company that has contacted you, and call them that way instead.
3. Keep Yourself Up to Date and Informed
Phishing mails are sent to millions of people on a daily basis. The same scams pop up again and again. And this provides you with a great opportunity to learn from the mistakes of others.
Regularly research the latest phishing techniques, and make sure that you know which emails to look out for. By keeping yourself up to date and informed, you’ll be better prepared to identify and deal with any phishing mails that come your way.
4. Make Sure Your Anti-Virus is Updated
Having an anti-virus should stop attackers from installing malicious software (malware) onto your devices. But your anti-virus is only as good as its latest update.
The way that most anti-viruses work is by checking attachments and downloads against a catalogue of malicious software. With new threats being detected on a daily basis, regularly updating that catalogue is essential and can mean the difference between a virus being installed, or stopped in its tracks.
5. Use Multi-Factor Authentication
We can talk all day about how to prevent phishing from happening in the first place. But attackers are smart. They make their emails look as real as possible, and even go to extreme lengths to make the websites that those emails link to look legitimate. There is every chance that you’re going to be caught out by a phishing mail at some point. And when you do, you’ll want to make sure that the impact of the attack is as minimal as possible.
One quick, easy, and highly effective way of protecting yourself and your company is by implementing multi-factor authentication (MFA).
As the name suggests, MFA involves using two different security measures to gain access to your online platforms. It could be a password and a unique PIN number that gets sent to your phone or your email address. It could be a fingerprint scan and facial recognition. It could be a password and a security question.
The basic premise is that anyone who gains access to one piece of information, like your password, still won’t be able to gain access to your systems.
6. Backup, Backup, Backup
Another way of preventing phishing from having a huge impact on your business is by making sure that you have multiple backups and copies of your personal and professional data stored in the cloud. This way, even if an attacker gains access to your online portals and compromises your data, the impact of the attack will be lessened.
Once you’ve locked down access, preventing the attacker from making any further changes or compromising further files, you can restore a cloud backup of your apps and data. Business can continue as normal. An attack that could have seen your business paying millions of Rands as ransom to get your data back will be cut short or prevented altogether.
Prevention is better than cure!
The risk of phishing attacks is very real. You are kidding yourself if you think that you’re immune. But by following these six steps for avoiding phishing scams and attacks, you’re giving yourself the best possible chance of recognising an attack and stopping it before it can cause havoc for your company.
If you want to make sure that you’re kept up to date on the latest cybersecurity threats, and are well equipped to handle them through email security services, Solid Systems is the perfect IT support company to turn to. We’ve spent almost two decades helping businesses to stay secure, mitigate their risks, and invest in the right technologies to make them money and see them step confidently into the future. Contact us today for more information on how we could be keeping your business safe from cyber threats.