Menu
INSIGHT: Top 3 ways to prevent phishing

INSIGHT: Top 3 ways to prevent phishing

What can you do to reduce the phishing threat?

After training, only 1.2 per cent were likely to be victims. These trained employees become a “human firewall”, Mitnick said. Still think cybersecurity awareness is a waste of time?

Step 3: Train your users

Next, it’s time to train your users. There are specialist companies who run training exercises but this can also be done in-house. Here are some of the things you should teach your users:

• Learn how to spot a phishing email (more about this below);

• Only click links in email you know for certain are legitimate;

• Do not open or interact with emails from businesses unless you were expecting them. Ignore the message and go directly to the website if worried about the contents;

• Never, EVER, enter your credentials or credit card information on an email. Also make sure you enter your sensitive information on secure websites;

• If by accident you clicked a malicious link or somehow fell under attack by malware, shut down your machine or immediately start a virus scan and get in touch with the IT admin.

Another technique phishers use is to keep sending the same bogus email repeatedly, hoping the victim will eventually fall for it.

Unfortunately, this technique has proved to work. In a recent report by Verizon it was revealed that “running a campaign with just three e-mails gives the attacker a better than 50 percent chance of getting at least one click.

Run that campaign twice and that probability goes up to 80 percent.” The report continued, “sending 10 phishing e-mails approaches the point where most attackers would be able to slap a ‘guaranteed’ sticker on getting a click.”

What the phishing lure looks like

One way to spot a phishing attack is to know what it looks like. Phishing emails will use similar branding to the emulated service but there are certain things you can look out for and Microsoft Security Centre offers the following example.

Some items to look for are misspelled words and bad grammar typical of phishing messages from Eastern Europe and China. Phishing emails sometimes include links within the email that look legitimate but really link to bad sites and they either contain threats or promote gifts.

There are other indicators that a trained eye will spot easily. Check the email address of the sender; place the cursor (DO NOT CLICK) over the address and check in the bottom left of your browser where that link is pointing to. You can do the same for links in the body text.

For years, banks and ecommerce sites have implemented clear guidelines on how they contact customers and request information. They don’t ask for your details by email. Simple. If, for example, you use online banking services, any messages will be sent to customers inside that system which most likely uses 2-factor authentication.

One final word of advice you can give to users is “think before you click”. Tell them to take a few extra seconds before opening attachments or clicking on links.

Even better, if they have any doubts, call help and forward that email. If it’s spam, help staff will quarantine the email and add it to their blocklist.

When users start identifying phishing email and passing them on to IT support, you know your message has hit home.

Tools of the anti-phishing trade

Remember, you’re not alone in this fight. There are many tools out there designed to help you get rid of the scourge that is unwanted emails and email attacks.

GFI MailEssentials, for example, does just that by getting rid of 99 per cent of spam messages, and has special anti-phishing features built right in.

By Doug Barney - GFI Software


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwarephishingGFI Softwarecyber

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments