How to Prevent Phishing
Phishing is a cybercrime that targets individuals, businesses and organizations to gain access to sensitive information. Attackers leverage social engineering, impersonation and other tactics to trick unsuspecting victims into providing passwords and other account credentials that are then used to steal data, money or identities. These attacks can lead to business email compromise (BEC), account takeover (ATO) and ransomware.
A common phishing tactic is to target new employees, who do not yet know what legitimate internal mail looks like, with messages that claim to come from their employer, bank or another institution and warn that an account will be deactivated or revoked unless they log in soon. The link in the message leads either to a spoofed login page that captures whatever credentials are typed into it, or to a site that delivers malware to the victim's machine. Either way the attacker ends up with logins, card numbers and other private information that can be used for fraud and identity theft.
It is important to raise awareness of how phishing works and to educate employees on the warning signs in suspicious communications: misspelled words, odd syntax, excessive capitalisation, a sender address that does not match the claimed organisation, and links whose real destination differs from the text displayed. Regular phishing drills keep that awareness current. Forcing everyone to change passwords on a schedule is no longer recommended (NIST SP 800-63B advises against periodic rotation, which mainly produces weaker, predictable passwords); instead, require a change as soon as a credential is suspected of being phished, and enforce MFA. Be aware that a one-time passcode sent to a mobile device can be relayed by a phishing page in real time, so where the risk justifies it prefer phishing-resistant methods such as physical security keys using FIDO2/WebAuthn, which bind the authentication to the genuine site's origin and therefore cannot be replayed from a lookalike site.
In addition to these measures, organisations can help prevent phishing that spoofs their own domains by deploying SPF, DKIM and DMARC, and by encouraging their partners and suppliers to do the same. DMARC (RFC 7489) is not a brand registry or an assurance mark; it is a policy that a domain owner publishes as a DNS TXT record at _dmarc.<domain>. It tells receiving mail servers to check that the domain in the visible From header is aligned with the domain authenticated by SPF or DKIM, what to do with messages that fail that check (p=none, p=quarantine or p=reject), and where to send aggregate reports (rua=). A reject policy stops attackers from delivering mail that shows your exact domain in the From header. It does nothing against lookalike domains, which is why user awareness still matters.
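The check a receiving server performs is easier to understand in code. The following is an added example, not part of the original article or of any mail product: it parses a constructed DMARC record for a hypothetical domain example.com and evaluates three constructed messages against it. Two assumptions are made for brevity: the organizational domain is approximated as the last two DNS labels (real receivers use the Public Suffix List), and the pct= sampling tag is parsed but not applied.

```python
"""Minimal DMARC evaluation: parse a _dmarc TXT record and decide disposition.

Added example, not the page's own code. Assumptions (simplifications):
  * Organizational domain = last two DNS labels. Real receivers use the
    Public Suffix List, so e.g. co.uk domains would be handled wrongly here.
  * pct= is parsed but sampling is not applied; every failing message gets
    the requested disposition.
  * The record and all authentication results are constructed inline;
    nothing is looked up in DNS.
"""
from dataclasses import dataclass

# Constructed record, as it would be published at _dmarc.example.com
SAMPLE_DMARC_RECORD = (
    "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=100; "
    "rua=mailto:dmarc-reports@example.com"
)


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict and fill RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    tags.setdefault("p", "none")
    tags.setdefault("adkim", "r")   # relaxed alignment unless told otherwise
    tags.setdefault("aspf", "r")
    tags.setdefault("pct", "100")
    tags.setdefault("sp", tags["p"])  # subdomain policy inherits p= if absent
    return tags


def org_domain(domain: str) -> str:
    """ASSUMPTION: organizational domain = last two labels (no Public Suffix List)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    only needs the same organizational domain."""
    from_domain, auth_domain = from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return from_domain == auth_domain
    return org_domain(from_domain) == org_domain(auth_domain)


@dataclass
class AuthResult:
    """SPF/DKIM results a receiver has already computed for one message."""
    from_domain: str   # domain in the RFC5322.From header (what the user sees)
    spf_result: str    # "pass", "fail", "none", ...
    spf_domain: str    # envelope MAIL FROM domain that SPF was checked against
    dkim_result: str
    dkim_domain: str   # d= tag of the verified DKIM signature


def evaluate_dmarc(policy: dict, policy_domain: str, msg: AuthResult) -> dict:
    """Return which checks aligned, whether DMARC passed, and the disposition."""
    spf_ok = msg.spf_result == "pass" and aligned(msg.from_domain, msg.spf_domain, policy["aspf"])
    dkim_ok = msg.dkim_result == "pass" and aligned(msg.from_domain, msg.dkim_domain, policy["adkim"])
    passed = spf_ok or dkim_ok
    # The record lives at the organizational domain; any other From domain
    # under it is a subdomain and falls under sp= rather than p=.
    is_subdomain = msg.from_domain.lower() != policy_domain.lower()
    requested = policy["sp"] if is_subdomain else policy["p"]
    return {
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "pass": passed,
        "disposition": "none" if passed else requested,
    }


# Constructed messages. Note the spoof passes SPF and DKIM for the attacker's
# own domain; DMARC fails it anyway because neither identifier aligns with
# the From header the victim sees.
LEGIT_MESSAGE = AuthResult("example.com", "pass", "bounce.example.com", "pass", "example.com")
SPOOFED_MESSAGE = AuthResult("example.com", "pass", "attacker-domain.test", "pass", "attacker-domain.test")
SUBDOMAIN_SPOOF = AuthResult("hr.example.com", "fail", "attacker-domain.test", "none", "")


def demo() -> dict:
    """Evaluate all three messages against the sample record."""
    policy = parse_dmarc(SAMPLE_DMARC_RECORD)
    return {
        "legit": evaluate_dmarc(policy, "example.com", LEGIT_MESSAGE)["disposition"],
        "spoof": evaluate_dmarc(policy, "example.com", SPOOFED_MESSAGE)["disposition"],
        "subdomain_spoof": evaluate_dmarc(policy, "example.com", SUBDOMAIN_SPOOF)["disposition"],
    }


if __name__ == "__main__":
    for name, disposition in demo().items():
        print(f"{name}: {disposition}")
```

The legitimate message passes because its DKIM signature domain matches the From domain exactly (strict adkim) and its bounce subdomain aligns with it under relaxed aspf. The spoof is rejected even though the attacker's SPF and DKIM both "pass", because they pass for the attacker's domain, not the one shown to the user; that alignment requirement is the whole point of DMARC. The subdomain spoof gets the sp=quarantine disposition rather than reject, which is worth checking on your own record, since sp= defaults to p= only when it is absent.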