How to Prevent Phishing in 2020
Wondering how to prevent phishing more effectively in the era of cybercrime? It’s one of the oldest types of attacks and the most prevalent tactic used against businesses today.
Scammers use professional-looking emails to fool unsuspecting users to hand over login credentials to bank accounts or other sensitive services – often through a bogus link. They’ve gotten better. It’s now harder than ever to spot and prevent a phishing attack. According to leading security experts, Avanan, the average employee receives between four and five phishing emails each week. At least 30 percent of them succeed, costing a company an average of $54,000 per attack.
It’s imperative to train employees on how to prevent phishing as the prevalence of this type of cyberattack shows no sign of abating.
5 Ways to Recognize and Prevent Phishing Scams in 2020
Phishing falls into the class of social engineering cyberattacks. Social engineering uses a combination of deception and psychology to fool someone into handing over sensitive information, such as personal details or login credentials. Phishing is particularly dangerous because scammers will study their target before crafting an email. They know what types of communications an employee might be expecting, and often precisely who their recipient needs to be to maximize success.
Phishing attempts can be incredibly challenging to spot. Here are five tips on how to prevent phishing scams from crippling a company.
1. Learn the Features of a Phishing Email
Phishing emails have come a long way since their inception in the early 1990s. Today’s phishing emails may appear as genuine and professionally crafted as the legitimate communications they seek to replicate. Nonetheless, a few features of phishing emails exist. These clues may include:
- Minor typos. Phishing emails commonly use broken English, or Google translate text like they used to. Still, minor typos might appear, which would never in a legitimate email.
- Elaborate stories. According to the FTC, most phishing emails include an elaborate story involving suspicious activity, excessive login attempts, or some other problem with an account. They ask users to call them with their personal information to confirm their identity. Don’t do it.
- Unrecognized sender. Always carefully check the email address from which an email was sent. Scammers will attempt to trick users with cloaked or similar spellings to fool distracted eyes.
- Unrealistic threats or demands. Some scammers won’t even hide the fact that they’re a cyber threat. They’ll make claims such as having access to contact information or possession of a damaging video.
- Links within the email. Many companies, such as some banks, no longer include links in their email communications. Be wary of an email prompting a login via a provided link.
2. Never Click Email Links
Train employees never to click links within emails. It’s simply too easy for hackers to cloak malicious links with a legitimate-looking URL. Instead, provide a list of login links in the form of pre-created bookmarks on all company computers. Encourage employees to navigate to one of these links in the browser when logging into sensitive sites.
3. Establish a Company Communications Policy
In 2018, Cisco made a rather frightening discovery – some phishers have perfected the art of masquerading as bosses, CEOs, or owners of a company. Known as the Business Email Compromise attack, these are phishing attacks in which a scammer attempts to trick an employee into carrying out business activities that they think were requested by their superior.
This is a rapidly growing type of phishing attack which generated 351,936 reports and losses exceeding $2.7 billion worldwide in 2018. Combat this by establishing a company communications policy that outlines when, where, why, from whom, and to whom C-suite executives or other parts of the company will communicate with employees.
4. Keep Employee Email Addresses Protected
Make it harder for phishers to determine precisely where they should send their emails by protecting employee email addresses online. Use catch-all emails for things like customer support or initial contact for communications through a website. Likewise, discourage employees from listing their direct work email publicly where a scammer can easily find it.
5. Use Modern Software
Use a modern browser and antivirus to maximize email safety. Many antiviruses now come with email security features to help detect phishing emails or malicious attachments. Likewise, modern emails like Gmail include enhanced security measures. A sandbox, for example, can keep malicious code or malware in a phishing email contained and unable to affect a system.
Not Sure How to Prevent Phishing? Contact Us Now
Cybersecurity is more important than ever, and it’s critical to understand how to prevent phishing attacks. Businesses make prime targets because the average employee is inundated with emails and tasks daily. However, with the help of a workflow solutions expert, companies can prepare, prevent, and neutralize these damaging attacks.
James Imaging helps companies improve their document security through the use of modern technology. Contact us today to get started.