How to Prevent Phishing in the Workplace
Phishing is a cyberattack whose purpose is to steal sensitive information and/or money from the victim (Ollmann, 2004). The attack can be carried out through multiple mediums such as social network websites, email, cloud computing, e-banking, and mobile systems.
Email remains the most common medium for phishing attacks, although attackers are also using social media and text messaging. Social media phishing uses the social platform’s built-in messaging capabilities to trick victims. Spear phishing is targeted at specific people within an organization, typically high-privilege account holders, and persuades them to log in to a spoofed login page that forwards their credentials to the attacker.
The attacker collects the spoils in the valuables acquisition phase. The spoils may include sensitive information, money, or malware. The attacker can use the stolen information for various malicious purposes, such as committing further fraud or blackmailing the victim.
Educating employees on how to identify and report suspicious emails is key to combating phishing. Having procedures for verifying requests for personal information is also important. Legitimate organizations will never request this information through insecure channels such as email or phone.
Employees should always verify requests for personal information by contacting the person or company directly through methods that have not been compromised. This includes calling a number listed on the company’s website or using contact information obtained independently. Using software tools to verify the authenticity of URLs, attachments, and hyperlinks will also help prevent phishing. Employees should be suspicious of any message that conveys a sense of urgency or contains threats. In addition, any message with misspellings or grammatical errors should be flagged. Shortened links are a common phishing tactic, since they hide the true address of the link.
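As an added example (not part of the original article), the following Python checks an HTML email body for the indicators the paragraph lists: visible link text that names a different host than the real `href`, known URL shorteners that hide the destination, and urgency wording. The shortener and urgency lists are constructed for illustration and would be maintained centrally in practice.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample lists for this illustration only (not from the article).
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co"}
URGENCY_PHRASES = ("urgent", "immediately", "account will be suspended", "verify now")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lowercase hostname of a URL; a bare 'www.example.com/...' is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def find_indicators(html_body):
    """Return the phishing indicators found in an HTML email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        # Visible link text that looks like a URL must name the same host as href.
        if re.match(r"^(https?://|www\.)", text) and host_of(text) != real:
            findings.append(f"link text shows {host_of(text)} but goes to {real}")
        if real in SHORTENER_HOSTS:
            findings.append(f"shortened link hides destination: {real}")
    plain = re.sub(r"<[^>]+>", " ", html_body).lower()
    findings += [f"urgency language: '{p}'" for p in URGENCY_PHRASES if p in plain]
    return findings
```

Running `find_indicators` over an inbound message and surfacing the findings to the recipient (or to a report-phishing workflow) turns the checklist above into an automated first pass; it does not replace verifying the request through an independent channel.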