Phishing scams are attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords, and credit card numbers. The miscreant that orchestrates the phishing scheme is able to capture this information and use it to further criminal activity, like theft from a financial account and similar types of criminal activity. A consumer must be on guard against this type of criminal activity. Following, are the 10 best practices to avoid phishing attacks. The first four are tied to user behavior, the last six are ways to shore up your software and hardware vulnerability.
1. Never Click on Hyperlinks in Email
Never click on a hyperlink included within the confines of an email. This is particularly necessary if the link is included in an email from an unknown sender. If a recipient feels the need to check out the website the link supposedly is associated with, that individual should manually type the URL into the web browser itself.
2. Never Enter Sensitive Information in a Pop Up Window
Pop-up windows represent another tool used by phishers with illicit agendas. An important tactic to prevent phishing attacks is to never enter information into a pop-up window. In fact, a person is best served restricting pop-up windows altogether, except at those sites that an individual knows to be trustworthy.
3. Verify HTTPS on Address Bar
Whenever a person is conveying confidential information online, he or she must confirm that the address bar reads "HTTPS" and not the standard "HTTP." The "S" confirms that the date is being conveyed through a legitimate, secured channel.
4. Education on Phishing Attacks
Finally, staying abreast of phishing scams and the technology and techniques designed to prevent them is crucial. A plethora of reliable educational resources exist on the Internet that are designed to assist a person in preventing phishing attacks.
5. Keep Antivirus Protection Current
Although keeping antivirus protection up to date may seem like a patently obvious strategy, a surprising number of people fail to take this very basic step. The reality is that identity thieves and other criminals are constantly changing their schemes. Therefore, maintaining current antivirus protection is an invaluable first line of defense against phishing attacks. At NPG, IT has installed anti-virus protection on each machine and it is continually updated for your constant protection.
6. Utilize Anti-Spam Software
A number of reasons exist for taking advantage of anti-spam software. One of the benefits of this type of software is that it can provide some degree of protection against phishing attacks. This type of software naturally filters out a good amount of phishing emails that would otherwise end up in an inbox. NPG utilizes Spamaway which filters each employee’s Inbox for spam emails to protect you from viruses and phishing scams.
7. Utilize Anti-Spy Software
On a related note, a person is best served by using anti-spy software as part of a comprehensive effort to prevent phishing attacks. This type of software lessens (although does not completely eliminate) the presence of spyware on a computer. Reducing the amount of spyware that ends up on a computer significantly lowers the risk of a malicious phishing attack. All NPG employees are protected with anti-spy software to prevent each machine from attacks.
8. Install and Maintain a Reliable Firewall
Another of the 10 best practices to avoid phishing attacks is in the installation and maintenance of a reliable firewall. A firewall protects against the introduction of malicious code onto a computer, which represents another form of phishing. Your NPG IT Network team maintains extremely reliable firewalls which help prevent the danger of such attacks. Although these attempts cannot all be entirely prevented, our firewalls provide the utmost protection possible.
9. Protect Against DNS Pharming Attacks
DNS pharming attacks represent a recently developed type of phishing attack that does not involve email or pop-up windows. Rather, an individual's local DNS server is said to be poisoned. The net result of this poisoning is that a person's attempt to go to an actual website is interrupted and misrouted to a fake venue. The fake site looks remarkably like the real thing and is designed to capture personal and financial information. For example, a person may desire to go to his or her bank website, but end up at a fake one through a DNS pharming attack.
The only sure way for this type of phishing attack to be prevented is for an administrator to use security techniques to "lock down" a DNS server.
10. Utilize Backup System Copies
A tactic designed to protect against phishing attacks is the creation of backup system copies. By making these copies, a person can revert to an uncorrupted system if a phishing attack is suspected.
In addition, check out this video created to explain Phishing Emails.
https://www.consumer.ftc.gov/sites/default/files/games/off-site/ogol/_phishing-scams.html
Comments
Please sign in to leave a comment.