How to Protect Yourself From Phishing
Phishing is an attempt to steal information (such as passwords, financial details or account numbers) by impersonating a legitimate organization. Attackers often use a sense of urgency to convince the victim to click on malicious links or open attached documents, which can download malware or send the victim to fake websites that request sensitive data such as credit card numbers, email addresses, phone numbers and other personal information.
Victims of phishing attacks are not just individuals but entire organizations. Attackers can target specific departments, or sift through corporate data to find the most valuable information. Targeted attacks aimed at senior managers, CEOs or other high-ranking executives are known as whaling attacks.
Educating employees is the most effective way to combat phishing, but keep in mind that even a single successful phishing attack can cost an organization millions of dollars in lost revenue, reputation damage and litigation. Organizations should provide regular training and make it easy for staff to report suspicious emails. They should also deploy email authentication controls such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) to help filter out phishing attempts.
Individuals should be alert to suspicious emails, especially those that demand personal or financial information. Look for spelling and grammatical errors, claims of urgency, or slightly-off URLs (hovering the cursor over a link reveals its actual destination address). Never give out personal information such as a password or bank account number in an email or over the phone. Instead, contact the organization directly using a known method of communication.
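The two checks described above, the SPF/DKIM/DMARC verdicts a receiving mail server records and the mismatch between a link's visible text and its real destination, can be automated for a mail gateway or a security team's triage script. The following is an added example written for this page, not code from the article; the sample message is constructed, the `Authentication-Results` header is assumed to have been written by the recipient's own mail server (the only one that can be trusted), and the registered-domain helper is a deliberate simplification that ignores the Public Suffix List.

```python
"""Flag common phishing indicators in a raw email message (added example).

Checks three things the article describes: the SPF/DKIM/DMARC verdicts in the
Authentication-Results header, urgency language in the subject, and HTML links
whose visible text names one domain while the href points to another.
"""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: fails SPF and DMARC, has no DKIM signature, and carries a
# deceptive link (the visible text names the bank, the href goes elsewhere).
SAMPLE_MESSAGE = b"""\
From: "Example Bank" <alerts@example-bank.com>
To: victim@example.org
Subject: Urgent: verify your account within 24 hours
Authentication-Results: mx.example.org;
 spf=fail smtp.mailfrom=example-bank.com;
 dkim=none;
 dmarc=fail header.from=example-bank.com
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account will be suspended. Please
<a href="http://example-bank.com.verify-login.example">https://www.example-bank.com/login</a>
now.</p>
</body></html>
"""

URGENCY_WORDS = ("urgent", "immediately", "suspended", "within 24 hours",
                 "verify your account")
HOST_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}$")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def auth_results(msg):
    """Return {'spf': ..., 'dkim': ..., 'dmarc': ...} parsed from the header."""
    header = str(msg.get("Authentication-Results", ""))
    return {m.lower(): r.lower()
            for m, r in re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", header, re.I)}


def host_of(url_or_text):
    """Hostname from a URL or bare domain, or None if the text is not one."""
    candidate = url_or_text.strip()
    if "://" not in candidate:
        candidate = "http://" + candidate
    host = urlparse(candidate).hostname
    return host if host and HOST_RE.match(host) else None


def registered_domain(host):
    """Crude registrable domain (last two labels); a real tool would use the
    Public Suffix List so that e.g. example.co.uk is handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def urgency_cues(msg):
    """Urgency phrases found in the subject line."""
    subject = str(msg.get("Subject", "")).lower()
    return [w for w in URGENCY_WORDS if w in subject]


def phishing_indicators(raw):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    auth = auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        verdict = auth.get(mech, "missing")
        if verdict != "pass":
            findings.append(f"{mech}={verdict}")
    findings.extend(f"urgency: {w}" for w in urgency_cues(msg))
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            shown, actual = host_of(text), host_of(href)
            if shown and actual and registered_domain(shown) != registered_domain(actual):
                findings.append(f"link text shows {shown} but points to {actual}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_MESSAGE):
        print(finding)
```

Only the SPF/DKIM/DMARC results stamped by your own receiving server are meaningful; an attacker can add an `Authentication-Results` header of their own, so a production filter strips any such header that arrives from outside before evaluating the message. The link check also says nothing about links whose text is "click here", which is why the article's advice to hover and read the real address still applies.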