  • Dan Cummins

Tips to Avoid Phishing

In this industry we often say "if you build a better mousetrap, they'll build a smarter mouse". What worked last year or yesterday may not work today when it comes to warding off a phishing attack. Nefarious forces, both human and automated, are always out to get between you and your personal information and/or money. For every security hole that is patched up, someone somewhere is working on a way to get around it. While this is an unavoidable hazard of the digital world, there are some steps that can be taken to reduce risk, at both human and hardware levels.

1. Don’t click on suspicious links

If something looks suspicious, it usually is. It may not mean disaster if you click on something without thinking, but the quicker users become attuned to the signals of malicious links, the better. Often, dangerous messages will use spoofed email addresses or websites. Hovering over or right-clicking an email address or URL can often reveal the real name of the sender. If you get a link requesting that you log in to your bank or other account with a 'CLICK HERE' button, be wary. It is better to go directly to the site's public login page and use that.

3. Use your built-in security.

Most browsers and email platforms nowadays let you download add-ons that spot the signs of a malicious website or alert you about known phishing sites. They are usually free or close to free, so wise users and administrators will make use of all the tools available.

4. Guard your personal information

If the URL of the website doesn’t start with “https”, or you cannot see a closed padlock icon next to the URL, do not enter any sensitive information or download files from that site. Sites without security certificates may not be intended for phishing scams, but it’s better to be safe than sorry.

5. Change passwords regularly

If you’ve got online accounts, you should get into the habit of regularly rotating your passwords so that you prevent an attacker from gaining unlimited access. While it is tempting to use one master password for all accounts, this makes a person or company more vulnerable - adding that extra layer of protection through password rotation can prevent ongoing attacks and lock out potential attackers.

6. Don’t snooze on updates

Receiving numerous update messages can be frustrating, and it can be tempting to put them off or ignore them altogether. Don’t do this. Security patches and updates are released for a reason, most commonly to keep up to date with modern cyber-attack methods by patching holes in security. If you don’t update your browser, you could be at risk of phishing attacks through known vulnerabilities that could have been easily avoided.

7. Two words: FIRE WALL

Firewalls are an effective way to prevent external attacks, acting as a shield between your computer and an attacker. Both desktop firewalls and network firewalls, when used together, can bolster your security and reduce the chances of a hacker infiltrating your environment.

8. Watch out for pop-ups.

Pop-ups aren’t just irritating; they are often linked to malware as part of attempted phishing attacks. Most browsers now allow you to download and install free ad-blocker software that will automatically block most of the malicious pop-ups. If one does manage to evade the ad-blocker though, don’t be tempted to click! Occasionally pop-ups will try and deceive you with where the “Close” button is, so always try and look for an “x” in one of the corners.

9. Use Multi-Factor Authentication

Any accounts used for conducting important business should be protected with some kind of MFA, either text-message verification or a third-party authenticator like Duo. Windows Remote Desktop Services and other remote platforms should be sealed behind this extra layer of security, which not only protects valuable resources from theft or encryption, but will alert users if some kind of nefarious attack is occurring.
