Prevention and protection against phishing emails

Cybergate: your cyber security partner


Recognising and avoiding phishing emails. Prevention and protection.

Lately we’ve seen a sharp increase in the number of phishing email scams. That is a fact. Cybercriminals are succeeding, and are making a killing out of carefully socially engineered emails. Email phishing attacks have been around since the inception of the Internet and have increased in sophistication over the years.

Quick Guide to protect yourself against a phishing attack

These are guidelines to avoid falling prey to email phishing.

Keep up-to-date with the latest email phishing techniques.

Cyber criminals are developing new phishing strategies and email phishing scams all the time. You need to stay on top of these new phishing attacks. By knowing about them you are in a much better position to avoid them. Ongoing cyber awareness training and simulation of phishing attacks for all users within the organisation help to achieve anti-phishing protection. Security needs to be top of mind throughout any organisation.

When in doubt do not click.

Clicking on links in random emails, chat messages and text messages is to be avoided altogether. Phishing messages claim to be legitimate but trick the recipient into clicking through to a fake website (which more often than not looks identical to a legit site), downloading malware, carrying out a task (such as transferring funds to a provided bank account) and/or providing sensitive information like credit card numbers. When in doubt, always contact the original company to ensure the email is authentic. One indication that an email is a phishing attack and not legitimate is the way it addresses the recipient.

Scam emails usually start with ‘Dear Customer’ and do not use real names. So in a nutshell, always think before you click! A good practice is to install anti-phishing toolbars in your web browser that check websites and notify users when a site is malicious. This is an additional protection layer against phishing attacks.

Use an updated Firewall and Antivirus Software

Firewalls act as buffers between users and outside intruders. Firewalls come in different forms, namely software, as is the case with desktop firewalls, and hardware, in the case of network firewalls. The use of a good quality firewall reduces the risk of hacks and phishing attacks infiltrating your network and computer.

Antivirus software, on the other hand, scans all incoming files to alert users to malicious files that can damage their computer and/or system. It is of paramount importance that such software is kept up to date with the latest definitions to defend against new scams, ransomware, malware and spyware. Firewalls prevent access to malicious software by blocking the attacks.

Common Phishing Attacks

Phishing attacks are by far the most common type of cyber and information security challenge of this day and age. Black hat hackers use social engineering techniques to gain access to credentials, sensitive data and valuable information. One of the most popular forms of phishing is where malicious actors impersonate a brand and use an email address which is linked to a domain (very!) similar to the legitimate one.
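The two indicators described so far, a sender domain that is nearly identical to a legitimate one and a generic 'Dear Customer' greeting, can be checked automatically. The following is an added example, not code from the original article; the trusted-domain list, the edit-distance threshold of 2 and the sample message are constructed assumptions, and the check assumes a single-part plain-text email.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions: domains the organisation really deals with (constructed values).
TRUSTED_DOMAINS = ["examplebank.com", "example-payments.com"]
GENERIC_GREETINGS = ("dear customer",)

# Constructed sample message: the "l" in the domain is replaced by the digit "1".
SAMPLE = """From: Example Bank <support@examp1ebank.com>
Subject: Account verification required

Dear Customer,
Your account has been suspended. Please verify your details.
"""

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, max_distance=2):
    """Return the trusted domain that `domain` closely imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return None  # exact match is the real domain, not an imitation
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(domain, trusted) <= max_distance:
            return trusted
    return None

def phishing_indicators(raw_email):
    """List the indicators from the article that appear in a raw email."""
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = []
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"sender domain {domain} resembles {imitated}")
    body = "" if msg.is_multipart() else msg.get_payload()
    first_line = body.strip().split("\n", 1)[0].lower()
    if first_line.startswith(GENERIC_GREETINGS):
        findings.append("generic greeting instead of the recipient's name")
    return findings
```

A hit is a reason to verify the message with the real company through a known contact channel, not proof of fraud; a legitimate sender can use a generic greeting, and a carefully prepared phishing email can avoid both indicators.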

Spear phishing is another type of phishing whereby attackers use a fake company name, but do some basic research to find information about the recipient before sending out the deadly email (usually they find the name and designation of the person on the receiving end).

Email takeovers are becoming more common: hackers take control of the mailbox of a person high up in an organisation’s hierarchy and subsequently send emails to colleagues and team members asking for actions (such as transfer of funds!) to be executed.

Tips to avoid falling victim to Phishing Attacks

Always keep your computer and other devices’ operating systems and security software up to date. It is common practice to set such software to auto-update. Protect all your accounts by utilising multi-factor authentication. This way you’d be adding an extra layer of security to your log-in process (e.g. passcodes generated via authentication apps, or a fingerprint or retina scan).

These protection efforts make it harder for hackers to break into your systems. Back up your data regularly and ensure backups are in perfect working condition, should they need to be reinstated.

    Francesco Mifsud

    I live and breathe cyber security and everything else in the discipline. With around a decade of experience in the industry I have had the opportunity to develop skills in penetration testing, cloud security, reverse engineering & exploit development, application security engineering, management and organisation-wide cyber security strategy. I hold a well-rounded set of security certifications such as OSCP, eWPTX and CISSP and have delivered training & workshops at some of the most prestigious hacking conferences such as DEF CON, BRU CON, BSides London and BSides Manchester.