How to Stop Phishing Emails
Phishing emails might look like any other bothersome message from a bank or business, but if you’ve fallen victim to a phishing attack, you know these messages are much more than that.
Four percent of people who receive any given phishing email will click on it. In fact, there are only 16 minutes between the time a phishing campaign is sent out and the time its first victim clicks on it. From there, these victims are exposed to malware installation and data breaches that could be detrimental to companies of any size. But email isn’t the only form of phishing that’s penetrating business networks. We’re also seeing a rise in mobile phone phishing attempts, from SMS messages to social media to phone calls.
Unfortunately, phishing campaigns aren’t going away any time soon. But you can take several steps toward ensuring your company stays safe from phishing’s harmful effects. Here are five tips on how businesses can prevent phishing email attacks.
1. Implement Employee Training
Authentic-looking phishing emails have evolved to fool nearly anyone, from unpaid interns to trained IT professionals and C-level executives. Proper training is one of the top forms of business phishing prevention, as it helps the entire workforce reduce their risk of falling victim to phishing schemes.
You and your employees should continue to discuss anti-phishing techniques to prevent leaking sensitive information. Regular training sessions are more effective than a single lesson. Here are some of the top things for you and your employees to discuss during your meetings:
- Never Give out Personal Information When Prompted by Email: Most legitimate companies will never ask you to provide sensitive information such as account numbers, passwords or personal details via email.
- Be Wary of Misspellings and Grammatical Errors: Authentic brands take their web and email copy seriously and won’t publish messages riddled with mistakes. Pay particular attention to the company’s name and logo.
- Beware of Threatening or Imperative Language: Phishers will often use scare tactics to get customers to act immediately for fear that their account will be suspended.
- Report Suspicious Emails ASAP: Take the email to a supervisor if you have any doubts — and don’t click on any links or attachments if you’re unsure if it’s authentic.
2. Filter Your Messages With Your Email Host
When you find an email you’re pretty sure is spam, you can prevent further phishing emails through your email host. You can train email hosts such as Gmail to recognize spam by reporting any phishing emails you come across as spam. The more you mark phishing emails as spam, the more your provider will identify and separate illegitimate emails from real ones.
Certain email service providers even perform some filtering and blocking automatically. But if some messages are still getting through despite enabling automatic filtering or consistent marking, you might also consider setting rules to filter messages from specific senders into your junk mail automatically.
3. Think Twice Before Clicking a URL
Phishers rely on their messages looking as authentic as possible to fool their victims — so even if you take proper precautions such as training and automatic filtering, you might still find a realistic-looking phishing email in your inbox that you’re tempted to click on. It’s crucial to stay skeptical, even if an email appears to be innocent.
Before clicking on attachments or links to any site, take a look at the URL to make sure it’s exactly what you’d expect it to be. On a desktop or laptop computer, use your mouse to hover over the link to view the URL before you click. On a mobile phone or tablet, you can click and hold the link with your finger to display the URL.
The site’s URL should begin with “HTTPS” — not just “HTTP” — and you should find a closed lock icon near the address bar. If your connection to the site isn’t secure, or if you notice a website security certificate warning, navigate away from the URL immediately. However, not every HTTPS site is a secure one, so you should remain cautious about “secure” sites that urge you to give out personal information.
4. Confirm Password Security
You might think the vast number of phishing attacks, security breaches and hacks each year would be enough for anyone to stop in their tracks and give their passwords a quick update. Unfortunately, many workers don’t take their password security as seriously as they should. If you’re worried about how your business can prevent phishing attacks, taking a look at your company’s passwords should be one of your top priorities.
In 2017, the most commonly hacked passwords in the world included “password,” “qwerty,” “letmein,” “admin,” “welcome” and variations of “123456,” among others. If your workplace allows employees to choose their passwords, it’s quite likely that you have a few of these top passwords guarding your system’s database.
Educate your employees about the dangers of using these and other common passwords on workplace computers. If you store user passwords within your database, make sure they’re encrypted so you can’t read them as plain text.
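One way to apply both points at account creation, shown as an added example that is not from the original article: reject the common passwords listed above, then store only a salted one-way PBKDF2 hash, which keeps stored passwords unreadable and cannot be decrypted back to plain text. The function names, the storage format and the reading of "variations of 123456" as prefixes of 1234567890 are assumptions.

```python
import hashlib
import hmac
import os

# Passwords the article names as the most commonly hacked in 2017.
COMMON = {"password", "qwerty", "letmein", "admin", "welcome"}
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed setting)

def is_common(password):
    """True for the listed passwords and for digit runs such as 12345678."""
    p = password.strip().lower()
    return p in COMMON or (len(p) >= 4 and "1234567890".startswith(p))

def hash_password(password):
    """Return 'salt$digest' in hex; a fresh random salt is used per password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(candidate.hex(), digest_hex)

def register(password):
    """Refuse common passwords; otherwise return the value to store."""
    if is_common(password):
        raise ValueError("password is on the common-password list")
    return hash_password(password)
```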
5. Practice Network Security
With a rising number of cyber attacks against small businesses, it’s essential for companies to continually comply with security best practices to mitigate their risk of being targeted and threatened. Network security is a set of technology practices put in place to lessen the chance of phishing attacks and other cyber crimes.
Network security makes sure your client-facing websites and portals are safe and reliable while also ensuring the data and information within your infrastructure stays secure. You can take several measures to increase your network security, such as:
- Install firewalls, anti-virus software and other internal controls
- Implement a combination of cloud-based storage and local device storage
- Employ web content filters
- Set access controls and password-protect all tools, devices and programs
- Back up your data regularly
In addition to protecting against phishing schemes, network security practices can prevent data breaches, malware, session hijacking, denial of service attacks and much more.
Contact Consolidated Technologies, Inc. for Proactive Network Security Solutions
Lessening your risk of phishing attacks and other cyber threats can be intimidating on your own — especially if you operate a small business or aren’t familiar with IT. You can enjoy peace of mind without having to shift your focus from your normal business operations when you trust your security solutions to Consolidated Technologies, Inc.
For more than 20 years, we’ve helped businesses like yours take control of their systems and network security. We’re here to help you with your business phishing prevention and much more. Don’t wait until you’ve fallen prey to a phishing scheme. Contact us today to learn more about our security solutions and how they can benefit your company.