How To Prevent Phishing Attacks

Phishing is when scammers attempt to trick you into giving out personal information such as bank account details, passwords, and credit card numbers. Phishing emails have been wreaking havoc for many years, and in 2021 these scams continue to cause damaging losses of information and money. If you are serious about preventing these attacks, the following initiatives are highly recommended:

  • End user training to increase identification of phishing emails
  • The use of a quality email filter for all inbound mail
  • External warning message prepended to all external emails

If you are not already using an email filter, you can contact our team for more information.

Tips and Examples to Increase Phishing Scam Awareness

Emails carrying an external email warning should always be handled with extra caution, but do not drop your guard for internal company emails either. Many phishing emails will try to bait you with lookalike messages that link to malicious websites, or will even impersonate your colleagues and contacts. It is not uncommon for a phishing email to look just like a legitimate email from a known company or government organisation.

Most phishing emails create a sense of urgency to follow their directions by threatening deactivation of a service or closure of bank accounts, or even by claiming you will be breaking the law if you do not comply. There are a few steps that should be taken before following any directions in an email or clicking any links it contains. Regardless of the subject matter of the email, stay calm and investigate its origin. If the email looks like it is from your bank or service provider, check the email address it was sent from and see whether it matches their official website URL. Other notable considerations:

  • Watch out for substituted characters, such as the letter ‘o’ replaced with the number ‘0’, or the letter ‘w’ replaced with the Russian character ‘ш’
  • Watch out for email addresses that look like those of real companies or organisations but, on closer inspection, point to a different URL.

An example of this is shown below:

Correct: important.director@aus.gov.au

Fake: important.director@aus.gov.au.tech.3ma1l.cloud (This points to ‘tech.3ma1l.cloud’)
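The two lookalike tricks described above (a trusted name used as a prefix of another domain, and swapped characters) can also be checked automatically. The following Python sketch is an added example, not part of the original article; the allow-list, the character map and the function names are assumptions made for illustration, and the map is deliberately small rather than complete.

```python
# Added example: flag sender domains that imitate a trusted domain.
TRUSTED = ("aus.gov.au", "widgets.example")  # constructed allow-list (assumption)

# Small, deliberately incomplete map of lookalike characters (assumption).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s",
               "ш": "w", "о": "o", "а": "a", "е": "e", "с": "c", "р": "p"}


def sender_domain(address):
    """Return the part after the last '@', lower-cased, without a trailing dot."""
    return address.rsplit("@", 1)[-1].strip().rstrip(".").lower()


def skeleton(domain):
    """Fold lookalike characters so visually similar domains compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)


def lookalike_findings(address, trusted=TRUSTED):
    """List the warning signs found in a sender address; empty if none."""
    domain = sender_domain(address)
    # The trusted domain itself, or a real subdomain of it, is fine.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return []
    findings = []
    # Non-Latin letters or punycode labels in a sender domain deserve a second look.
    if not domain.isascii() or "xn--" in domain:
        findings.append("non-ascii")
    for t in trusted:
        # The trusted name appears, but only as a prefix or middle part of another domain.
        if domain.startswith(t + ".") or ("." + t + ".") in domain:
            findings.append("trusted-name-prefix")
        # The domain equals a trusted one once swapped characters are folded back.
        elif skeleton(domain) == skeleton(t):
            findings.append("character-substitution")
    return findings


if __name__ == "__main__":
    # Constructed sample addresses, including the pair from the article.
    for sample in ("important.director@aus.gov.au",
                   "important.director@aus.gov.au.tech.3ma1l.cloud",
                   "important.director@aus.g0v.au",
                   "accounts@шidgets.example"):
        print(sample, lookalike_findings(sample))
```

An empty result only means none of these specific signs were found; it does not prove the sender is genuine.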

 

If you receive an email from a colleague or other contact requesting payment details or a wire transfer, always verify that the email address is correct and does not differ in any way. If in doubt, the best way to verify is to pick up the phone and call the contact to confirm that the request is legitimate and any payment details are correct.

What ISGQ Can Offer

As technology becomes more advanced, phishing attacks become more complex and dangerous. Implementing the above strategies will help secure your company against these phishing threats. Integrated Solutions can provide further direction and guidance to ensure your cybersecurity approach meets the risk profile of your business. Get in contact with us for more information.