Cyberattacks happen, on average, every 39 seconds. A good percentage of these attacks are through social engineering, which is the art of manipulating or deceiving a person into taking some action that is not in the best interest of the organization. One of the most common tactics of social engineering is phishing. This is a process where scammers try to trick a person into giving out sensitive information by clicking on a link or downloading an infected attachment. Emails are usually disguised as contacts of people or companies you trust, so it is easy to fall for an urgent request to take action in the email.
As part of a multi-layered cyber security defense, employees must do their part to keep their organization safe from cybercrime. Despite all the technical defenses an organization may have in place, people are always going to be the weakest link. That is why it is important to form a “human firewall” that acts as a barrier between an organization’s internal network and the external forces trying to gain illegal access. So, what is the best way to avoid becoming the victim of a phishing scam?
10 Ways to Avoid a Phishing Attack
The best advice is to “stop, look and think” before taking action, like clicking on a link or opening a suspicious attachment. Here are several guidelines provided by KnowBe4, a leading security awareness training and simulation platform, to prevent a devastating phishing incident due to human error.
- Slow down. Carefully read each message as it comes in and think before you click.
- Perform a mouseover on links to see what really lies beneath the displayed text. By hovering the cursor over a link, URL or email address (without clicking), you will see a pop-up of the actual destination address, which alerts you if it does not match what the message shows.
- Beware of poor spelling and grammar, lots of capital letters or too much punctuation.
- Look out for generic greetings, such as dear customer or dear sir or madam.
- Verify the email address and company logos. Scammers can change one single letter or slightly change a logo to make the email seem real. Pay close attention.
- Remain skeptical. If an email says you have won an all-expenses-paid vacation or that an uncle you have never met wants to send you money, it is most likely a phishing attack. Watch for anything out of the ordinary. Do not let your emotions get the better of you.
- Phishing attacks often push a sense of urgency (“Your account has been compromised, log in immediately”). Or they use fear tactics to convince people to click, such as claiming the recipient must appear in court.
- Remember government entities and tax collectors will not email you asking for payment. If unsure, go directly to the website and log in or call the number associated with your account.
- Phishing attacks often come with malware attached. Use extreme caution when you receive an unexpected attachment. If you are not 100% sure it is trustworthy, do not download it.
- Never make assumptions. Even if an email appears to be from your boss, co-worker or a family member, it could be a scam. Any request for sensitive information or money should immediately raise your suspicions.
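The mouseover check and the “one changed letter” warning above can be automated for an HTML email body. The following is an added example, not code from the original article or from KnowBe4: it extracts each link, compares the host shown in the visible text with the host in the real href, and flags destination domains that differ from a trusted domain by a single character. The sample message, the trusted-domain list and the crude two-label “registrable domain” helper are all constructed assumptions for this illustration.

```python
"""Added example: flag mismatched and lookalike links in an HTML email body.
The sample email and TRUSTED_DOMAINS below are constructed, not real data."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list of domains the organization expects mail links to point at.
TRUSTED_DOMAINS = {"example.com", "paypal.com"}

# Constructed phishing-style message: the visible link text shows one address,
# the href points at a lookalike host with the letter "l" swapped for "1".
SAMPLE_EMAIL = """<p>Dear customer, your account has been compromised. Log in immediately:</p>
<a href="http://login.paypa1.com/verify">https://www.paypal.com/account</a>
<p>Questions? <a href="https://example.com/help">Help center</a></p>"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lowercase host of a URL or bare 'www.example.com'-style string, or ''."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def registrable(host):
    """Assumed simplification: last two labels (no public-suffix list)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def edit_distance(a, b):
    """Levenshtein distance; 1 means a single inserted, deleted or swapped char."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def analyze_links(html):
    """Return findings: ('mismatch', shown_text, href) when the visible text
    names a different domain than the href, and ('lookalike', domain, trusted)
    when the href's domain is one character away from a trusted domain."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        # Only treat the visible text as a URL when it looks like one.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and registrable(shown) != registrable(target):
            findings.append(("mismatch", text, href))
        base = registrable(target)
        for trusted in TRUSTED_DOMAINS:
            if base != trusted and edit_distance(base, trusted) == 1:
                findings.append(("lookalike", base, trusted))
    return findings


if __name__ == "__main__":
    for finding in analyze_links(SAMPLE_EMAIL):
        print(finding)
```

Run against the constructed message, the first link produces both a mismatch finding (visible text says paypal.com, href goes to paypa1.com) and a lookalike finding; the “Help center” link to a trusted domain produces nothing. A real mail gateway would pair this with a public-suffix list and a reputation lookup, but the core of the human check in the tips above is exactly this comparison.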
As human firewalls, we must use common sense, think before we click and always follow policy to avoid phishing scams.