According to the FBI, phishing was the most common cybercrime in 2020, with 241,324 successful cases recorded across the US. As phishing methods continue to become more sophisticated, this number is set to rise.
If you're reading this, you're probably wondering how to prevent phishing attacks since it's no longer as simple as ignoring attachments on suspicious emails.
In this article, we'll explore what phishing is and the methods cybercriminals use to get their hands on sensitive data. Plus, we'll share the five best defenses against phishing attacks so that you can stay ahead of the game.
What is phishing?
Phishing is a cybercrime where people are targeted with emails, phone calls, or text messages that claim to be from reputable individuals or organizations. They aim to lure people into sending sensitive and personal data (such as passwords and banking or credit card details), or to take actions like downloading a malicious file that then delivers ransomware or spyware.
This information can then be used to access the target's accounts, resulting in data, identity and financial theft. So, how can you prevent this from happening?
1. Phishing awareness training
One of the best methods of phishing prevention is awareness. Most people you know likely have different definitions and levels of understanding of what phishing is. This may leave some of them vulnerable to this form of cybercrime.
It's important to run regular phishing awareness training sessions in your workplace, where you demonstrate the different methods, what to look out for and how to report it. Not only will this ensure that any new employees are made aware, but it also allows you to provide updates on new variants of phishing that could catch people out.
Whilst this is a crucial step in preventing phishing, it's only the beginning. Experts agree that around 121 business emails are sent and received per person on a daily basis, so it can be easy to miss the signs and fall victim to phishing.
2. Multi-factor authentication
When it comes to protecting your data online, you need to take the same level of caution that you would with your physical property. You wouldn't leave your front door open, would you? So why do that with your personal information?
Multi-factor authentication (MFA) is a phishing prevention strategy that requires additional information from people to verify their authenticity. Think of it as having multiple locks on your data that only you can open.
There are three recognized MFA factors, which are:
- Something you know: This covers information such as passwords, PIN numbers or combinations
- Something you have: This can include USB drives or token devices (for example, a time-based PIN)
- Something you are: This could be a fingerprint, facial recognition or other biometrics
You don't have to incorporate all three to be protected. Many organizations choose to use a two-factor authentication method, which incorporates two of the processes listed above.
3. Keep your software updated
Cybercriminals love software vulnerabilities. Often, they will rely on software bugs as a way of getting malware onto your device, which can be in the form of viruses, programs that steal passwords, recording software, or programs that delete data.
The good news here is that, generally, if a software manufacturer becomes aware of a bug, they will release an update to patch it. Therefore, keeping everything up-to-date will reduce malware risks.
If your software hasn't been updated, it doesn't take much to give a hacker control. In most cases, something as small as visiting a rogue website or playing infected media is all it takes.
4. Open suspicious documents in Google Drive or an isolated environment
It may be a common part of your job to open attachments from people you don't know personally; however, it isn't always easy to verify whether those files are malicious or not.
If you're unsure, the best thing to do is avoid opening them directly on your device. Instead, upload it to Google Drive (or any other online document reader), which will turn the document into an image or HTML. Because of this, you can be fairly confident that malware won't be installed on your device.
However, you need to bear in mind that any files uploaded to public websites, such as Google Drive, can be viewed by anyone who has access to that folder or entire environment. If you're concerned that the files you're opening could contain sensitive information, it’s worth investing in a dedicated operating system on an isolated virtual machine for opening and scrutinizing suspicious documents.
5. Get anti-phishing add-ons
Almost every organization is subjected to phishing attempts daily. In fact, 76% were targeted in the last year alone. An excellent way of boosting your defense against this is by downloading an anti-phishing add-on to your browser.
These add-ons can help you detect malicious websites or make you aware of well-known phishing sites. There are plenty of these add-ons available and many of them are completely free, so there's no reason not to have one installed on your device.
Egress Defend is anti-phishing add-on that is designed to detect all phishing emails, including highly convincing spear phishing and business email compromise (BEC) attacks, and impersonation attempts. Defend inspects email content, hyperlinks and attachments to make sure you don’t fall victim to a phishing attack.
Learn more about how to prevent phishing attacks
Cybercrime is constantly evolving, so you must stay in the know.
Visit the Egress phishing hub to read expert advice and learn more about the latest phishing tactics. Protect yourself and your data today.