How to Prevent Phishing
Phishing is a cyberattack that targets individuals and organisations, using email, text or illegitimate websites to steal personal information. This can lead to financial loss, identity theft and damage to an organisation’s reputation.
The first step in preventing phishing is to be suspicious of unsolicited emails. Check the sender, subject and attachments to make sure they are legitimate before clicking on links or opening any files. If in doubt, contact the alleged sender directly to confirm. Also check the URL of any links you are unsure about – if it is not a recognised domain or contains spelling mistakes or characters that don’t match, then it is likely fraudulent.
Often the first sign of a phishing attack is when it asks for personal or confidential information, such as a credit card number or account login details. Never give this information out in an email or over the phone unless you are expecting it to arrive from a trusted source (e.g. a bank or credit card company). If in any doubt, always call the organisation and use their published telephone number to verify information.
Other types of phishing include spear phishing, which targets employees of a specific organisation, and BEC attacks (Business Email Compromise), where attackers target the email address book of senior executives within an organization. These phishing attacks are typically more sophisticated than others as they are designed to target a large number of people with a high success rate.