What is a phishing attack and how can I avoid them?
Phishing is a method of fraudulently gathering persona information using deceptive websites and emails. The attackers often impersonate trusted entities or real people they know.
According to a recent study by Mimecast , out of the 28 million emails delivered into corporate inboxes that were analysed, close to 500,000 contained malicious URLs. With such statistics, corporate are getting worried about how they can avoid phishing attacks. We’ll look as some of the ways below.
Ensure your software is always updated
Phishing attacks that use malware tend to rely on software bugs to get malware into your device. Once a bug is recognised, a software manufacturer will release an update to fix it. Therefore, if you are still using old software, it is highly likely that it has more publicly known bugs that can be used to install malware. To stay safe, you should always ensure that your software is up to date.
Verify emails with senders
A simple way of determining if an email is a phishing attack is by using another channel to confirm the same. The rule of thumb when handling any suspicious emails is, do not click any links or download any attachments in the email. Instead, open your browser and type the URL of the website in question. You can still proceed to call the purported sender to verify the authenticity of the mail.
Use a password manager with auto-fill
Password managers with auto-fill options keep track of the sites that those passwords belong to. The good thing about password managers is that, unlike humans who can be tricked by fake login pages, they cannot fall into the same trap. If you are using a password manager and it refuses to auto-fill a password, be careful about the site you are using and double-check it.
Use a Universal 2nd Factor (U2F) during login
The Universal 2nd Factor (U2F) authentication entails the use of physical security keys in place of passwords. Security keys are basically USB based devices that provide an alternative approach to two-factor authentication (2FA). Under the U2F you log in normally, and then you connect the key to your device.
If you are on a phishing website, your browser will not log you in with the credential you use on the legitimate site. So even if a phishers manage to steal your passphrase, they can’t compromise your account.
Never allow remote access to your computer
Sometimes you may receive an email or a cold call claiming to be from tech support of a reputable security company. The criminals may claim that they’ve found some malware on your computer and therefore want to install a remote desktop software.
If a person claims to be working for a specific, renowned company, look up for their contact information online and promise to call back. Importantly, never allow strangers to remote access your computer. And if you have to allow someone to access your computer, then let Westgate support engineers verify the identity of the people.
Conclusively, criminals who have information on your company orchestrate most phishing attacks. Therefore, organisations should desist from sharing too much information online that may compromise data security. Employees should be enlightened on why they shouldn’t share sensitive company information with outsiders.
Contact Westgate IT support
Criminals who have information on your company orchestrate most phishing attacks. Therefore, organisations should desist from sharing too much information online that may compromise data security. In everything you do on your computer, if you notice any unsolicited mails, you should be very careful.
Never be in a rush to open any documents you come across. Instead, always contact your Westgate IT support engineer. At Westgate Engineers, should be able to detect and thwart any malicious attacks on your computers and other devices.Published: 24th January 2020