How to Prevent Phishing: 10 Tips

With a single click of your mouse, you could lose your identity, your savings, and your business – hook, line, and sinker. 

If you’d rather keep those things, then you need to learn how to prevent phishing.

Today, anyone can be deceived by “phishers,” and no industry or organization is immune, regardless of its size.

According to the Anti-Phishing Work Group (APGW), the total number of phishing attacks in 2016 was 1,220,523, a 65% increase over 2015.

To help put that into perspective, the total number of phishing attacks per month in the 4th quarter of 2004 was 1,609. In the 4th quarter of 2016, APGW saw an average of 92,564 phishing attacks per month.

That’s a 5,753% increase in phishing over 12 years.

Phishers are getting smarter, savvier, and sneakier – which means you need to be proactive in your approach to detect and deter phishing.

To help you protect yourself, your business, and your employees, we’ll define what phishing is, the common attacks you should know about, and how to prevent phishing from ruining your life.

What is Phishing and How Does it Work?

Phishing is simply digital fraud.

The attacker will pose as a legitimate business or individual and attempt to steal sensitive information from you.

The scam usually works like this:

• The phisher sends out a spoofed email from a sender you may recognize
• The email contains an urgent message that requires immediate action
• The message leads to a link provided in the email

The link inside the email is the key to the entire scam.

Either the link will install malware on your device, or it will take you to a spoofed website.

Malware can spy on you, record your keystrokes, steal your information, or use your computer to send out spoofed emails to your contacts – turning your computer into a conduit for cybercrime.

A spoofed website will appear like a familiar website that you usually use for business, financial, or personal transactions. But once you enter your name and password, credit card details, or other sensitive information, you willingly give it over to the phishers.

While the above scenario is a general form of phishing, there are a few specific types you should be aware of. Let’s take a look at four phishing techniques you’re likely to encounter.

The 4 Most Common Phishing Techniques

Spear Phishing

Spear phishing is one of the hardest types of spoofed emails to detect because it is designed to be the most personal.

Phishers may include your full name, work or personal phone number, your job title, etc. in the email they send. The sender will usually be from someone in your contacts, making the email seem legitimate.

The end goal is still the same: something urgent needs to be handled and you need to click on their link to handle it.

Deceptive Phishing

Deceptive phishing is the most common form of phishing and generally refers to attacks where phishers impersonate a well-known company to steal some of your personal information.

For example, in 2003, customers of eBay started receiving emails that told them their account would be suspended if they didn’t take immediate action.

The email directed them to a fake login page that collected their login information, which can then be used to steal their financial information and any other useful data.  

Whale Phishing

Whale phishing is when hackers go after the top executives of a company. This is often referred to as “CEO fraud.”

Same as the other forms of phishing, the attackers will try to install malware or gain access to the CEO’s information or email.

Whaling can be especially dangerous because it can lead to another scam known as “business email compromise” whereby the phishers use the CEO’s email to trick an employee into wiring or transferring money.

Pharming

Pharming is an especially scary form of phishing because hackers use DNS cache poisoning to take control of a website and redirect its traffic to a spoofed site that’s set up to steal your info.

Unlike a malicious link in an email, you could type in the correct URL for the website you want to visit and still be redirected to the spoofed site.

This form of phishing requires you to pay attention to every website you visit, especially the ones where you’re asked to enter sensitive information.

10 Ways to Prevent Phishing

There’s no way to protect yourself 100% of the time, but you can certainly minimize the risk of being victimized by a phishing attack.

Below is a short list of some actionable ways you can prevent phishing as much as possible.

1. 1. Stay up-to-date on the latest phishing techniques along with all forms of IT security threats.
   2. Develop a disaster recovery plan if you do get hacked, so you have a written and actionable protocol for dealing with the emergency.
   3. Choose a firewall that is proven to protect your type of business from phishing and other cyberattacks.
   4. Install an anti-phishing toolbar and software.
   5. Be hyper-aware of emails asking for personal and financial information.
   6. Never be pressured into entering your information online if you don’t have to. Contact the sender first to verify it is legitimate before doing anything else.
   7. Never enter your information embedded inside an email.
   8. Inspect all URLs and links for any misspelled words, odd characters, or missing letters.
   9. Only enter your information on HTTPS encrypted sites.
   10. Hire an IT security firm to help you implement proven strategies to prevent phishing and all other cyber threats.

You Don’t Have to Struggle Alone in the Fight to Prevent Phishing

Our tips will certainly help you stay safe, but in our experience, the best way to fight one form of cyberattack is to work with a company who helps you guard against all forms of cyberattacks.

An IT security company can spot holes in your security systems that you or your IT department may have missed.

They have the experience and the tools to implement a comprehensive cybersecurity plan which will go above and beyond what you could’ve done on your own.

If you want to prevent phishing and other cyber security threats, then we can help.