Phishing Email Prevention Methods - Why Are They Critical?

By Bob Gorman posted 05-18-2019 04:53


"You should be prepared to defend yourself from any kind of attack" – I guess you've heard this line many times before. Ever since we were kids, we were always told that there are bad people (or a big bad wolf) out there, trying to get to us. With the rise of the Internet, things only got more complicated.

It wasn't enough to just play it safe, and avoid any suspicious pages and resources. They were attacking us practically on our cyber doorstep – right into our e-mail boxes. So, we had to act fast and figure out how to protect ourselves from one of the most common forms of cyber-attack – phishing.

What exactly is phishing?

One of the easiest forms of cyber-attack is phishing. But once it's successful, attackers have everything they need to infiltrate your personal and working lives. Pretty scary, isn’t it? In the early days, like 20-25 years ago, hackers were successful because it was something new, never seen before. They managed to steal your passwords and other personal data. In many ways, this is still very much the same some 25 years later, simply because it works!

Phishing used to be carried out over email, but now it has spread to social media, messaging services and apps. So, what’s the trick, and is there a PhishProtection magic pill? Phishing scammers get people to do what they want. And what they usually want is personal data, passwords that make it easier to hack a company or your bank, or data from a connected organization that lets them redirect payments to fraudsters instead of the real account.

One small step for you and big for the hackers

Simply said, you are one click away from becoming a victim. You may be tricked into clicking a link leading to a shady webpage where you’ll be asked to enter personal information.

Some of these campaigns trick users into downloading and installing malware, like ransomware. This way is the fastest and most profitable for the attackers.

Today, more modern phishing plays a long game. It creates loads of fake social media profiles and emails, and communicates with the victim for months or even years. This is especially the case with hand-picked targets, who are tricked into handing over sensitive data to people they thought they could trust.

The data ranges from an email address and password to credit card details, online banking credentials or a social security number.

Phishing revolves around scammers tricking users into giving up personal data or access to different systems related to the victim. The stolen data could even end up being sold on the dark web or used for any kind of blackmail.

How to fight a phishing attack

99% of people simply don't have the time to analyze every email, and this makes them perfect victims.

But here are the things to look out for:

  • An email requesting personal information, bank details, passwords
  • Emails with grammatical errors
  • If you’re not sure, do not click on a link while on a mobile device – it’s safer
  • Hover your mouse over the URL to see if it’s legitimate if you are on a PC or laptop

Don’t click it if you have any doubt.

And remember, there is no "winning voucher". Phishing techniques include prizes won in fake competitions such as lotteries or various retailers’ offers.  

If you are a business owner, phishers can also try to trick your employees. Make sure all of your employees understand how important it is to establish and follow procedures.

Raising security culture

It's time to re-think your password security: no more "Joe123" or "password: password" solutions. Encrypting passwords (so they cannot be read in plain text) is a good precaution when it comes to secure password storage.

Email authentication could be another solution that protects email users from fraudulent communications. The most frequently used email authentication standards are SPF, DKIM, and DMARC. These standards were designed to supplement SMTP, the basic protocol used to send email, because SMTP itself doesn’t provide any authentication mechanisms. Email authentication basically validates emails to detect malicious content, even when the message might appear legitimate from a human perspective.
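
To see what these standards give a mail filter to work with, here is an added example (not part of the original post) that reads the SPF, DKIM and DMARC results a receiving server records in the Authentication-Results header and checks whether any pass actually belongs to the domain shown in From:. The message, the domains and the server name mx.recipient.test are constructed for illustration, and the alignment check is a simplified stand-in for the real DMARC rule.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the article): the visible From: claims
# example-bank.test, but SPF and DKIM only passed for an unrelated domain.
SAMPLE = """\
Authentication-Results: mx.recipient.test;
 spf=pass smtp.mailfrom=bounce.mailer.test;
 dkim=pass header.d=mailer.test;
 dmarc=fail header.from=example-bank.test
From: "Example Bank" <support@example-bank.test>
"""

def parse_auth_results(value):
    """Return (authserv_id, {method: (result, domain)}) for one header value."""
    parts = value.split(";")
    results = {}
    for clause in parts[1:]:
        m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause, re.I)
        d = re.search(r"(?:smtp\.mailfrom|header\.d|header\.from)=(\S+)", clause)
        if m:  # simplification: a repeated method overwrites the earlier one
            domain = d.group(1).rpartition("@")[2].lower() if d else ""
            results[m.group(1).lower()] = (m.group(2).lower(), domain)
    return parts[0].strip().lower(), results

def aligned(a, b):
    # Simplified relaxed alignment (real DMARC compares organizational domains
    # via the public suffix list): equal, or one is a subdomain of the other.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def assess(raw, trusted_id="mx.recipient.test"):
    """Return (verdict, notes) for the domain shown in the From: header."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Trust only the header stamped by our own mail server (trusted_id is an
    # assumed name): a sender can add a forged header that claims "pass".
    parsed = [parse_auth_results(v) for v in msg.get_all("Authentication-Results", [])]
    res = next((r for server, r in parsed if server == trusted_id), None)
    if res is None:
        return "fail", ["no trusted Authentication-Results header"]
    ok, notes = False, []
    for method in ("spf", "dkim"):
        result, domain = res.get(method, ("none", ""))
        if result == "pass" and aligned(domain, from_domain):
            ok = True  # one aligned pass is what DMARC requires
        else:
            notes.append(f"{method}={result} for {domain or 'n/a'}")
    return ("pass" if ok else "fail"), notes
```

The sample fails even though both SPF and DKIM report "pass", because neither pass is for the domain the reader sees in From:.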

When it comes to managing threats, try to keep a proactive approach - it's worth the trouble.