The Oxford Learner's Dictionary defines phishing as the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Attackers then use this information to access and take over the victims' accounts, which can lead to malware installation, identity theft, data breaches, and other harm. You can protect yourself from phishing attacks with the simple and effective tips below.
According to Jeff Orr, a technology strategist, "…people want to do their job. And in many jobs, there is a need to click on links and open attachments". This is what makes phishing so effective: even advanced threat actors such as Mustang Panda and APT34 use phishing to gain initial access to their victims' environments.
Some of the practical ways of protecting yourself and your organization from phishing attacks are provided below:
1. Think Before You Click
Treat unexpected emails that carry links or attachments with suspicion. Cybercriminals embed enticing but malicious links and attachments in emails to make unsuspecting users click or open them. Once a link is followed or an attachment is opened, the attacker may gain remote access to your device and its data, steal your login credentials, or encrypt your files and demand a ransom. When you are not sure whether an email is legitimate, contact the organization or individual who apparently sent it through a different channel, such as a phone call or instant message, to verify that the email is genuine.
2. Enable Multi-Factor Authentication (MFA)
Enable MFA on every account that supports it: it adds a layer of security by requiring more than a single factor (the password) to log in. MFA is a multistep login process in which users present two or more pieces of evidence to prove they are legitimate users of a system. MFA factors fall into three categories: something you are (e.g., biometrics), something you know (e.g., passwords), and something you have (e.g., smart cards). Better still, use phishing-resistant forms of MFA such as hardware tokens, biometrics, smart cards, and certificate-based authentication.
3. Stay Informed and Educated
Cybercriminals constantly refine their phishing techniques to evade both human judgement and technical defenses. Stay up to date on new phishing techniques and cybersecurity best practices by reading security awareness blogs and newsletters that provide timely, relevant information on phishing methods and prevention tips.
4. Maintain Security Software and Hardware
Organizations and individuals should install and regularly update antivirus software, spam filters, and next-generation firewalls to detect and block phishing attacks. These technologies mitigate phishing by blocking emails that contain malicious links or attachments and by blocking connections to known phishing sites.
Conclusion
Successful phishing attacks can have dire consequences, including unauthorized access to personal and system information, identity theft, and data breaches, all of which harm the compromised individual or organization. By remaining vigilant while using internet-enabled devices, you can protect your personal information and your organization's security.
If you suspect any phishing attempts or receive suspicious emails, please report them immediately to the CERT for further investigation and mitigation.
Stay safe, stay alert, and we can defend against cyber threats together.