Phishing may be a term that you are unfamiliar with, but chances are you have either been a victim or know someone who has been.
Phishing is when someone sends you an email while impersonating another person or company in an attempt to obtain sensitive or personal details about you. It is also referred to as “spoofing” or, in the case of targeting high-level executives, “whaling.”
A very common example is receiving an email which appears to be from your bank asking you to change your password or confirm your details. Once you click the link and provide the details, the fraudster has access to your account details.
Emails such as this can also be used to gain remote access to your device or to spread viruses and malware.
Can you spot the Phish?
Our email security partners, Barracuda, have come up with a fun game which will test your ability to spot which emails are spoofed and which are genuine. Give it a try now and let us know your score!
How to secure your email
So, you are now an expert in spotting phishing emails. But what about securing your email account to minimise the chance of getting an attack in the first place? There are several steps to make your email considerably better protected.
Consider 2 Factor Authentication
2 Factor Authentication (2FA) is a way of making your accounts more secure by asking for an additional piece of information such as a generated code. Many web-based email providers such as Outlook.com and Gmail are compatible with 2FA.
Create a different email for password resets
All the hard work of setting unique passwords for all of your accounts can be undone if someone gets access to your main email account and uses the “forgot your password?” feature to reset them all. Create a separate “secret” email address just for password reset emails and you will be much more protected, especially if this account has 2FA enabled.
Be phishing aware
Firstly, always be on guard if you receive an email from your bank. It may be genuine, but take extra care before opening it or clicking on any links.
Secondly, always check the sender’s email address. For instance, if the email is supposed to be from HSBC but the email address is something completely different, delete the email immediately.
Unfortunately, this isn’t foolproof, and this is where the next check, “be spoofing aware”, comes in.
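The sender-address check above can be automated. The Python below is an added example, not part of the original article: the brand-to-domain list and the three sample messages are constructed for illustration, and the Reply-To comparison goes slightly beyond what the text describes. The last sample shows why the check is not foolproof: an exactly forged From address produces no warning.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative allow-list of domains each brand sends mail from.
EXPECTED_DOMAINS = {"hsbc": {"hsbc.co.uk", "hsbc.com"}}

def domain_of(address):
    """Return the lower-cased domain part of an email address ('' if none)."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def is_expected(domain, allowed):
    """True for an allowed domain or a genuine subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return a list of warnings about the From and Reply-To headers."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = domain_of(address)
    warnings = []
    # A display name that names a brand must come from that brand's domains.
    for brand, allowed in EXPECTED_DOMAINS.items():
        if brand in display.lower() and not is_expected(domain, allowed):
            warnings.append(f"name claims {brand} but address domain is {domain}")
    # Replies routed to a different domain than the visible sender are suspicious.
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != domain:
        warnings.append(f"Reply-To domain {reply_domain} differs from From domain {domain}")
    return warnings

# Constructed sample messages (not real mail).
LOOKALIKE = ('From: "HSBC Security" <alerts@hsbc-secure-login.example>\n'
             "Subject: Confirm your details\n\nPlease log in.\n")
REPLY_REDIRECT = ('From: "HSBC UK" <alerts@hsbc.co.uk>\n'
                  "Reply-To: help@mail-support.example\n"
                  "Subject: Confirm your details\n\nPlease reply.\n")
FORGED_FROM = ('From: "HSBC UK" <alerts@hsbc.co.uk>\n'
               "Subject: Confirm your details\n\nPlease log in.\n")

if __name__ == "__main__":
    for name, raw in [("lookalike", LOOKALIKE), ("reply redirect", REPLY_REDIRECT),
                      ("forged From", FORGED_FROM)]:
        print(name, "->", check_sender(raw) or "no warnings (header check cannot tell)")
```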
Be spoofing aware
Cybercriminals have become more advanced and can now “spoof” email addresses. This means that even if you check the sender’s email address, sometimes it can appear to be from the correct person. This is much harder to spot than the more rudimentary phishing attack mentioned above.
The first step to counter this is education. Make sure you (and your colleagues) are all aware that emails can be spoofed. Send round an email, direct them to this article or book a quick training session to explain good email security practices.
Secondly, make sure you have internal processes that put additional checks in place. For instance, if anyone is asked to make a payment via email, ensure this is always verbally confirmed by the finance director before actioning the payment.
Thirdly, review the language used in the email. Does this look like a legitimate email? Would the sender be using these phrases? Typos and poor grammar are a dead giveaway, especially if the email is ostensibly from a professional company.
Finally, decent email filtering will be able to reduce the number of these emails reaching your inbox.
Get email filtering
A comprehensive email filtering solution will pay for itself many times over. It not only provides protection against spoofed emails but will also protect your inbox from email-borne viruses and malware. As well as this, email filtering keeps spam in check so you can concentrate on your legitimate work email.
There are a number of options available. We offer email filtering as part of our SecureSuite Email package, which is built on technology from the industry-leading Barracuda Networks.
Set up email archiving
Following the steps above will make a huge improvement in safeguarding your email account but there is another area to consider. What happens if you accidentally delete an email?
This is where email archiving comes in. Think of it as a backup for your emails. Like email filtering, we include email archiving in our SecureSuite Email package. Other popular options include Mimecast.
These tips are taken from the email chapter of our new eBook, 7 Steps to Protect Yourself in Minutes. If you found these helpful, keep an eye on our website, as we will be making the entire book available for free in the next few weeks.