Email has transformed business and personal communications forever. It also saves businesses time and money. However, email has a dark side because criminals can use it to launch phishing attacks.

What Is Phishing?

Not to be confused with fishing or the rock band Phish, phishing is a technique in which an attacker poses as someone they are not in order to bait a victim into handing over information, money or access. Most phishing attacks arrive by email, but criminals use other channels as well.

According to Verizon’s 2022 Data Breach Investigations Report, 20% of the data compromises it analyzed were the result of phishing.


Who’s at Risk of Phishing Attacks?

You and your employees are at risk of phishing attacks. Some attacks may be on all employees, while others target specific people. Those targeted the most often include senior executives and their assistants, system administrators, help desk employees, and those with remote access or access to sensitive information. However, anyone can be targeted, and anyone can be a victim of a phishing attack.

What Types of Phishing Attacks and Scams Are There?

There are numerous ways criminals will try to attack you. Here are some of the most common types of phishing attacks:

  • Email phishing. This is the most common type of attack. The message is typically sent to as many people as possible within an organization and usually carries a sense of urgency, asking the recipient to respond as quickly as possible. It may contain a malicious link that leads to a fake webpage asking for personal information, or a request to buy gift cards and send the codes in the reply.
  • Spear phishing. This is a targeted attack sent to a select few individuals at an organization. Criminals may impersonate someone the targeted individual works with or knows. The email will typically include the recipient’s name to make it more personal, and again it may convey a sense of urgency.
  • Whaling. In this instance, a senior executive (a bigger fish, to the criminals) is targeted. The message typically pressures the recipient to act because of its content, such as a stated intention to sue the individual or the organization.
  • Business email compromise (BEC). A criminal takes control of an executive’s email account (or convincingly spoofs it) and uses it to direct employees to do their bidding, such as sending a wire transfer. When the impersonated account belongs to the CEO, this is also known as CEO fraud.
  • Vishing. Also known as voice phishing. The caller claims to be from a financial institution or government body, saying that a large sum of money is owed or that there is suspicious activity on the victim’s credit card. The criminal then asks the victim to “verify” their bank account or credit card details.
  • Smishing. Criminals send SMS or text messages posing as a legitimate organization. The message often contains a malicious link that leads to a page asking the user to enter personal information.

Social media phishing is phishing carried out through one of those platforms, but criminals also use social media to gather information before an attack. They can look up potential victims on Facebook or LinkedIn, quickly find their friends, co-workers and business contacts, and then pose as someone in the victim’s network or circle of friends. Manipulating people this way, rather than attacking technology directly, is called social engineering; phishing is one form of it.

How to Recognize a Phishing Attack

The federal government suggests you should look out for red flags in a message, such as:

  • Language that pressures you to act quickly
  • Requests for personal information or to verify passwords and information
  • Spelling and grammar mistakes
  • Email addresses or links that look suspicious
  • Blurry images or a design that doesn’t look professional
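The red flags above can be checked mechanically. The following Python script is an added example written for this page, not part of the original article or of any vendor’s product. It parses a raw email message and looks for urgency language, requests for credentials, a sender domain that imitates a trusted one, a Reply-To that differs from the From address, links whose visible text points to a different host than the real destination, plain http:// links, and failed SPF/DKIM/DMARC results. The trusted domain acme.example, the keyword lists and both sample messages are constructed assumptions for the demonstration.

```python
"""Heuristic phishing red-flag checker over a raw email message.

Added example for this article; not the article's own code.
The trusted domain, keyword lists and sample messages below are
constructed assumptions for the demonstration.
"""
from __future__ import annotations

import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed: the domain(s) this organization legitimately sends mail from.
TRUSTED_DOMAINS = {"acme.example"}

URGENCY = re.compile(
    r"\b(immediately|urgent|within 24 hours|act now|suspended|final notice)\b", re.I)
CREDENTIAL_REQUEST = re.compile(
    r"\b(verify|confirm|update)\b[^.]{0,40}\b(password|account details|banking information)\b",
    re.I)
ANCHOR = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_LIKE = re.compile(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)
AUTH_FAIL = re.compile(r"\b(spf|dkim|dmarc)=(fail|softfail|permerror)\b", re.I)


def _domain(addr: str | None) -> str:
    """Return the lowercased domain part of an address header value."""
    _, email_addr = parseaddr(addr or "")
    return email_addr.rpartition("@")[2].lower()


def _looks_like_trusted(domain: str) -> bool:
    """True if the domain borrows a trusted brand name without being that domain."""
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return False
    return any(trusted.split(".")[0] in domain for trusted in TRUSTED_DOMAINS)


def phishing_indicators(raw: str) -> list[str]:
    """Return the list of red flags found in one raw email message."""
    msg = message_from_string(raw, policy=default)
    flags: list[str] = []

    sender_domain = _domain(msg["From"])
    reply_domain = _domain(msg["Reply-To"]) if msg["Reply-To"] else sender_domain

    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    # Subject plus tag-stripped body, used for the wording checks.
    text = (msg["Subject"] or "") + "\n" + re.sub(r"<[^>]+>", " ", html)

    if URGENCY.search(text):
        flags.append("urgency")
    if CREDENTIAL_REQUEST.search(text):
        flags.append("credential-request")
    if _looks_like_trusted(sender_domain):
        flags.append("lookalike-sender-domain")
    if reply_domain != sender_domain:
        flags.append("reply-to-mismatch")

    link_flags: set[str] = set()
    for href, anchor_text in ANCHOR.findall(html):
        shown = re.sub(r"<[^>]+>", "", anchor_text).strip()
        real_host = (urlparse(href).hostname or "").lower()
        shown_match = DOMAIN_LIKE.match(shown)
        # Visible text names one host, the real destination is another.
        if shown_match and shown_match.group(1).lower() != real_host:
            link_flags.add("link-text-mismatch")
        if urlparse(href).scheme != "https":
            link_flags.add("insecure-link")
    flags.extend(sorted(link_flags))

    if AUTH_FAIL.search(msg["Authentication-Results"] or ""):
        flags.append("sender-authentication-failed")
    return flags


def is_suspicious(raw: str, threshold: int = 2) -> bool:
    """Crude decision rule: two or more independent red flags."""
    return len(phishing_indicators(raw)) >= threshold


# Constructed sample messages (not real mail).
PHISH = """\
From: Acme Payroll <payroll@acme-payroll-secure.example>
Reply-To: payroll.desk@mail-relay.example
To: alice@acme.example
Subject: URGENT: verify your password within 24 hours
Authentication-Results: mx.acme.example; spf=fail smtp.mailfrom=acme-payroll-secure.example; dmarc=fail
Content-Type: text/html; charset="utf-8"

<p>Your account will be suspended. Please verify your password immediately at
<a href="http://198.51.100.7/login">https://acme.example/payroll</a></p>
"""

LEGIT = """\
From: Acme IT <it@acme.example>
To: alice@acme.example
Subject: Monthly newsletter: new parking policy
Authentication-Results: mx.acme.example; spf=pass smtp.mailfrom=acme.example; dkim=pass; dmarc=pass
Content-Type: text/html; charset="utf-8"

<p>The updated parking policy is posted on the intranet:
<a href="https://intranet.acme.example/parking">https://intranet.acme.example/parking</a></p>
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, is_suspicious(raw), phishing_indicators(raw))
```

These are heuristics, not proof: a well-crafted spear-phishing message can pass every one of them, and a clumsy but legitimate vendor email can trip two. Treat a high count as a prompt to verify the request out of band, never as a verdict on its own, and treat the authentication-results check as only as good as the gateway that wrote the header.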

What to Do If You Suspect a Phishing Attack and How to Report It

If you’re not sure whether an email is a phishing attack, the best plan of action is:

  • Don’t click on any links. Instead, open your browser and go to the organization’s website yourself by typing its address or using a saved bookmark. That way, you know you’re getting information from a legitimate source.
  • Don’t download unexpected files. A legitimate organization typically won’t send you files or forms without telling you ahead of time.
  • Contact the sender directly. Don’t reply to the message. Instead, reach out to the sender by finding the contact information on their official website.
  • Report it. Notify your IT or security department immediately. Don’t forward the email to any other co-workers because they may accidentally click on something. You should also notify the federal government’s Canadian Anti-Fraud Centre.

4 Ways to Prevent Phishing Attacks

If you want to know how to prevent phishing attacks, here are four tips to keep in mind:

1. Remove phone and email addresses from your website

While this information is good to have from a customer service standpoint, it also makes it easier for criminals to target your company and employees.

2. Ask your employees to avoid oversharing on social media

You can ask employees not to reveal their location, job position, work email address, screenshots of conversations, phone numbers or addresses on social media. On Facebook, there is little reason for most of that information to appear in a profile at all. However, many employees may balk if you ask them to leave their job title or location off LinkedIn.

3. Improve cybersecurity measures

You should consider doing the following:

  • Use an email security system that filters out potentially hazardous messages before they reach inboxes.
  • Block users from reaching known malicious or inappropriate sites with web filtering.
  • Use strong, unique passwords for every device and account (a password manager makes this practical), change a password as soon as you suspect it has been exposed, and turn on multi-factor authentication wherever it is offered so that a stolen password alone is not enough.
  • Avoid entering personal information on unsecured sites (those whose address starts with ‘http://’ rather than ‘https://’), and remember that the padlock only means the connection is encrypted, not that the site is legitimate.
  • Install security updates for software and devices as soon as they’re available instead of waiting for a more convenient time.

4. Educate yourself and your employees

Knowing what a phishing attack looks like can help prevent them from being successful. Cybersecurity training should be mandatory for everyone at your organization.

Can Insurance Protect Your Business From a Phishing Attack?

While there isn’t specific coverage for phishing attacks, there is cyber liability insurance. It helps protect your business if you or one of your employees falls victim to a phishing attack.

Ultimately, there’s no guaranteed way to stop phishing attacks from occurring.

However, in addition to ensuring you have adequate cyber liability protection, phishing attack prevention starts with taking additional cybersecurity measures and recognizing what could be a malicious attempt to steal information from you. Educating both yourself and your employees about how to prevent phishing attacks can save you trouble and money.


About the Author: Craig Sebastiano

Craig Sebastiano is an award-winning business writer based in Toronto. He has written for a variety of financial publications and websites on topics including investing, insurance, real estate, mortgages, credit cards, banking, pensions, saving for retirement, and taxes.