Six tips to protect employees from phishing attacks
Make sure no one gets a good catch at an employee's expense. Consumer security provider BullGuard has put together a few tips on phishing prevention.
What is phishing?
Phishing is a form of identity theft that is popular with hackers. Phishing attempts seek to steal your personal data, most commonly passwords and banking information, including credit and debit card details.
Hackers do this by sending fraudulent emails or directing users to websites that have specifically been set up to ‘harvest’ your personal information. The emails and websites are designed to look legitimate, that is, from organisations that you know and trust, whether it’s an online bank or social network.
Most often an email sends you to a website that will request your personal details. However, when you enter your data, it’s actually going directly to the hackers, who will use it to try to access your accounts, whether it’s a bank, a social network or some other service. Some of the sites that are most commonly ‘spoofed’ (that is, imitated) include PayPal, financial institutions, Yahoo and eBay.
1. Warn users about emails
Phishing emails can often be identified because they ask for confidential information such as passwords and account details. Some emails embed forms that request confidential information such as name, address, banking details and so on. The hackers are often able to track all information entered. Most banks and organisations will never send out emails requesting this information unless you have made a specific request to them. So, if you haven’t and you receive an email like this, be extremely wary.
2. Don't give in to threats
Phishers often use scare tactics. They send emails that threaten to discontinue a service or disable an account if you don’t perform a specific action, such as providing payment details or updating your information. If you receive an email like this from an organisation you know, check directly with the organisation. As a general rule, it’s extremely unusual for any legitimate organisation to use such aggressive tactics. Most companies tend to be more circumspect and will rarely request sensitive information.
Another phishing giveaway is emails that make generic requests. Phishing emails are often generalised, while authentic emails will at least mention your name or account information. Some phishing emails even come from financial organisations that you have never had any dealings with.
Don’t fall for the free give-aways. Many phishing attempts come disguised as outrageous give-aways such as a free iPad or £500 free to spend at a well-known retailer. You’re often lured to a website, via a link, to simply enter your details in order to win big. However, increasingly, these types of websites plant a virus on your computer and capture all your keystrokes in order to get your passwords and bank account details.
Watch out for pop-up warnings. These often scream out at you that your computer has been compromised and to secure it you need to download a security fix. If you click, you’ll open up your computer to all sorts of nasty viruses. So don’t panic, simply turn away.
Make sure you’ve got good security software on your computer. It combats phishing by identifying ‘bad’ links in emails, and automatically detects and blocks fake websites, flagging them up to you. It also authenticates major banking and shopping websites.