Tips to prevent phishing

Phishing is tricking someone, usually via email, into giving up information that is then used for nefarious purposes. It can be used by hackers as part of an elaborate scheme to enter an organization’s internal systems, or just to steal your uncle’s personal data for resale on the dark web. Since phishing is a shockingly easy and effective method for bad actors to do harm, we’ve listed a few tips on this page to protect yourself and your organization.

Protecting yourself

  1. Don’t click on any links that you do not trust
  2. Don’t fill out forms on websites that you don’t trust, or at moments when you don’t trust the request
  3. Don’t click on any attachments in suspicious emails
  4. Check the actual sender by clicking on the sender’s icon in your mail program
  5. Use an up-to-date browser from a reputable company
  6. Set up 2-Factor Authentication on your accounts where possible
  7. Use a protected DNS service such as “Quad9”

Protecting your organization

  1. Train your personnel in recognizing and reporting suspicious emails
  2. Create an environment where employees feel safe to report mistakes
  3. Set up custom spam rules for your mail server
  4. Use link- and/or attachment-checking software such as Microsoft Safe Links
  5. Use a filtered forward proxy server that blocks known malicious domains
  6. Practice least privilege to reduce the impact of account takeover
  7. Set up intrusion detection and prevention systems to monitor suspicious account activity


If you need help to reduce the chance and/or impact of phishing in your organization, don’t hesitate to reach out to us using the contact information in our website footer!


Image credit: Sean Foster via Unsplash