Phishing Prevention Best Practices
Phishing detection is becoming harder
Recently I’ve noticed an uptick in very legitimate-appearing phishing emails. One came in as an email from “someone I knew” saying they had a task for me and to send them my personal number so they could reach me. My alarm bells went off because:
- The real person already had my phone number.
- They had “reached” me just fine through the email – why ask for my phone number?
Upon closer inspection, I could see that the person’s name was there, but the actual email address looked suspicious. One of the reasons we recommend getting a Microsoft 365 or Google Workspace account instead of using a free Yahoo or Gmail account is that employee emails are authenticated. We’ve had clients who have accidentally given away private information, mistakenly believing they were giving the information to a co-worker. As you can imagine, this kind of data breach leads to a whole host of headaches.
Phishing prevention best practices
1. Never give out your email password
2. Never send passwords via email
3. Never send credit card information via email
4. Never send HIPAA or other sensitive information over email
Email is an insecure platform. Even without hackers being involved, you could mistype an email address and inadvertently expose sensitive information. Don’t take the risk. The small convenience factor isn’t worth it.
Common phishing and malware scams
Hackers are becoming quite sophisticated; I’ve seen a few good imposters of Microsoft emails lately. Here’s a good example and where to look for clues that the email is not legitimate.
If you were to open up one of these emails, you expose your network to:
- Computer viruses, which are designed to self-replicate by sending an email from YOU to all the people in your contact list.
- Ransomware, where the hackers hold your data hostage until you pay them. FYI: Don’t pay them!
- Spyware, which will collect information from your computer and send it to the hackers.
How to Identify Phishing Emails
How can you spot a phishing or malware email?
- Look at the sender’s email address. Usually the sender’s email address will not be a legitimate address associated with the organization they claim to be from. They may claim to be from a company or a bank, or even a friend or coworker, but the email address could be on a totally different domain.
- Look at who they are addressing. If they are part of a legitimate company that you work with, they should know your name. If it is a phishing email, it will most likely address you by your email address or a generic name such as “Customer”.
- Be on the lookout for bad grammar. Many times there are small to moderate grammatical errors that could easily be missed when quickly scanning an email.
- Be wary whenever someone tries to get you to provide personal information. They may include their own links that do not go where they say they will go. Hover over the link to see the actual website address. If you’re in doubt, ignore the email. Open a new web browser and log in to your account. If a bank, Microsoft, PayPal or other service provider has a special alert, you can get the same information by going directly to their site.
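As an added example (not from the original post), here is a small Python check that applies three of the clues above to a constructed message: a display name that does not match the domain the sender really mails from, a generic greeting, and a link whose visible text points somewhere other than its real target. The contact book and the sample message are assumptions made up for the demo.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_CONTACTS = {"Jane Doe": "example.com"}  # constructed (hypothetical): name -> real domain

# Constructed sample, not a real message: familiar name, wrong domain, generic greeting, misleading link.
SAMPLE_EML = """\
From: Jane Doe <jane.doe@example-mail-login.net>
Content-Type: text/html

<p>Dear Customer, please confirm your account at
<a href="http://example-mail-login.net/verify">https://www.example.com/login</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlparse(url).hostname or "").lower()  # '' when the text is not a URL

def phishing_clues(raw):  # returns the warning signs found in one raw message (empty list if none)
    msg = email.message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    clues = []
    expected = KNOWN_CONTACTS.get(sender.display_name)
    if expected and sender.domain.lower() != expected:  # clue 1: right name, wrong address
        clues.append(f"'{sender.display_name}' mailed from {sender.domain}, expected {expected}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    if "dear customer" in html.lower():  # clue 2: generic greeting instead of your name
        clues.append("generic greeting")
    collector = LinkCollector()
    collector.feed(html)
    for href, text in collector.links:  # clue 3: what the link shows vs where it really goes
        if host_of(text) and host_of(text) != host_of(href):
            clues.append(f"link shows {host_of(text)} but goes to {host_of(href)}")
    return clues
```

Running `phishing_clues(SAMPLE_EML)` reports all three clues; a message from the expected domain with a personal greeting and honest links returns an empty list.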
Malware scams and phishing prevention
Anti-virus software, firewalls and other data security solutions can stop most malware attacks, but they’re not infallible. If you open a suspicious email, contact an IT Professional IMMEDIATELY. The longer you wait, the worse the problem can become.
We help clients with data security breach prevention – and post-malware cleanup. Need our help? Give us a call at 586.263.1775 or support@eclipse-online.com to set up your phishing prevention best practices.
Frequently Asked Questions
How does phishing prevention work?
Anti-virus software, firewalls and other data security solutions can stop most malware attacks, but they are not infallible.
How do you identify phishing emails?
Look at the sender’s email address.
Look at who they are addressing.
Be on the lookout for bad grammar.
Be wary whenever someone tries to get you to provide personal information.
What’s a phishing test?
A phishing test is a fake (but realistic-looking) phishing email sent to employees to test whether they are following the proper process when opening emails.