A phishing email usually contains a link with directions asking the recipient to click on it. Clicking the link transports the email recipient to an authentic-looking, albeit fake, web page. The target is asked to input information like a username and password, or even additional financial or personal data. The miscreant that orchestrates the phishing scheme is able to capture this information and use it to further criminal activity, like theft from a financial account and similar types of criminal activity. A consumer must be on guard against this type of criminal activity. Following are the 10 best practices on how to avoid email phishing. The first four are tied to user behavior, the last six are ways to shore up your software and hardware vulnerability.
1. Never Click on Hyperlinks in Email
Never click on a hyperlink included within the confines of an email. This is particularly necessary if the link is included in an email from an unknown sender. If a recipient feels the need to check out the website the link supposedly is associated with, that individual should manually type the URL into the web browser itself.
2. Never Enter Sensitive Information in a Pop Up Window
Pop-up windows represent another tool used by phishers with illicit agendas. An important tactic to prevent phishing attacks is to never enter information into a pop-up window. In fact, a person is best served restricting pop-up windows altogether, except at those sites that an individual knows to be trustworthy.
3. Verify HTTPS on Address Bar
Whenever a person is conveying confidential information online, he or she must confirm that the address bar reads “HTTPS” and not the standard “HTTP.” The “S” confirms that the date is being conveyed through a legitimate, secured channel.
4. Education on Phishing Attacks
Finally, staying abreast of phishing scams and the technology and techniques designed to prevent them is crucial. A plethora of reliable educational resources exist on the Internet that are designed to assist a person in preventing phishing attacks including our training course here.
5. Keep Antivirus Protection Current
Although keeping antivirus protection up to date may seem like a patently obvious strategy, a surprising number of people fail to take this very basic step. The reality is that identity thieves and other criminals constantly are changing their schemes. Therefore, maintaining current antivirus protection is an invaluable first line of defense against phishing attacks.
6. Utilize Anti-Spam Software
A number of reasons exist for taking advantage of anti-spam software. One of the benefits of this type of software is that it can provide some degree of protection against phishing attacks. This type of software naturally filters out a good amount of phishing emails that would otherwise end up in an inbox.
7. Utilize Anti-Spy Software
On a related note, a person is best served by using anti-spy software as part of a comprehensive effort to prevent phishing attacks. This type of software lessens (although does not completely eliminate) the presence of spyware on a computer. Reducing the amount of spyware that ends up on a computer significantly lowers the risk of a malicious phishing attack.
8. Install and Maintain a Reliable Firewall
Another of the 10 best practices to avoid phishing attacks is in the installation and maintenance of a reliable firewall. A firewall protects against the introduction of malicious code onto a computer, which represents another form of phishing.
9. Protect Against DNS Pharming Attacks
DNS pharming attacks represent a recently developed type of phishing attack that does not involve email or pop-up windows. Rather, an individual’s local DNS server is said to be poisoned. The net result of this poisoning is that a person’s attempt to go to an actual website is interrupted and misrouted to a fake venue. The fake site looks remarkably like the real thing and is designed to capture personal and financial information. For example, a person may desire to go to his or her bank website, but end up at a fake one through a DNS pharming attack.
The only sure way for this type of phishing attack to be prevented is for an administrator to use security techniques to “lockdown” a DNS server.
10. Utilize Backup System Copies
A tactic designed to protect against phishing attacks is the creation of backup system copies. By making these copies, a person can revert to an uncorrupted system if a phishing attack is suspected.