Phishing is a technique aimed at stealing confidential information – such as passwords – by tricking users into thinking they are giving such information to a trustworthy party. While emails are still largely used for this type of attack, social media is also creating new opportunities for phishing.
Here are some tips on how to avoid phishing, whether as a company or individual.
- Learn the telltale signs of phishing emails
Phishing emails tend to have certain consistent characteristics. They are usually designed to resemble the normal emails that a reputable person or organisation might send to you. When you click on a link in such an email, it may even direct you to a fake site resembling that firm’s actual site.
Such emails also often seek to prompt an urgent response from you. For example, they may do this by suggesting that they are about to close your account, or by offering a gift.
- Never click on a link in an email claiming to be from your bank
You don’t need to click on a link in an email to visit your bank’s website. Such a link could easily direct you to a fraudulent site. You should therefore always type the URL for the bank’s site directly into your web browser, or keep the link in your favourites or bookmarks tab.
- Consider the source of every link
‘Think before you click’ is great general advice on how to avoid phishing. Clicking on a link when you are already on a reputable site is fine. However, it’s not such a good idea to click on random links in emails and instant messages. Always hover your mouse cursor over a link to determine its source before you click on it.
- Educate your employees about phishing
Even if just one of your employees is unfamiliar with common phishing tactics, your company could be at risk. So, at the very least, teach them the basics of security awareness. Do they know, for instance, that no credible website would ask them to send their password via email? Are they wary of emails with attachments from people they don’t know? Do they check each URL before clicking?
- If you are in any doubt, don’t risk it
The most robust tip on how to prevent phishing is to reject any email that asks for confidential data. If you receive such an email, call the source that it claims to be from – such as your bank – to rule out the possibility of a phishing attack.
There is no single foolproof method for avoiding becoming a victim of phishing. Nonetheless, these approaches should help to minimise the risk. Contact SmilePass today to speak to us about how our solutions can assist in protecting your firm from social engineering fraud.