
7 Tips to Prevent Phishing and Business Email Compromise

Published by Sabrina Pagnotta on October 27, 2022

Phishing is a type of social engineering where an attacker sends a fraudulent message to trick a victim into revealing sensitive information, such as passwords or credit card data, or to deploy malicious software like ransomware. It is perhaps the oldest trick in the cybercrime book, and yet the most efficient. So how do you prevent phishing in the workplace?

According to the 2021 State of the Phish report by Proofpoint, 57% of respondents said their organization experienced a successful phishing attack in 2020, up from 55% in 2019. Alarmingly, more than 1 in 10 users clicked on a simulated phishing email.

Today we share tips on how to spot malicious emails to prevent phishing, ransomware, and other malware attacks in the business network. 

Prevent Phishing by Understanding How it Works

Over the last year, there has been a surge in coronavirus-themed phishing scams and ransomware attacks. At the same time, information security professionals have struggled to keep their users secure amid an abrupt shift to remote work due to the pandemic.

The problem with phishing is that it can often lead to more serious vulnerabilities and malware attacks. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their device, creating a gateway for criminals.

Phishing emails may appear to come from a real financial institution, e-commerce site, government agency, or any other service, business, or individual. We’ve seen phishing campaigns pretending to come from nearly everything from Netflix and Instagram to the IRS.

Preventing Phishing in the Workplace

Email is not the only medium phishers use: vishing involves video calls and landline telephone calls, and smishing involves text messages. The point remains: attackers will request personal information such as account numbers, passwords, or Social Security numbers by any means and with any pretext.

This also applies to the work environment. Spear phishing, whaling, and business email compromise (BEC) are other forms of phishing targeted at specific and narrower audiences. These types of attacks reach fewer people, but their level of focus and sophistication make them more difficult for users to spot and for technical tools to block. 

65% of organizations faced BEC attempts in 2020, with campaigns trying to lure them into executing “urgent” wire transfers or paying fake invoices that pretend to come from a trusted provider. 

Attackers are adept at researching and targeting specific roles and people, which means these techniques should remain firmly on everyone’s radar.


7 Tips to Prevent Phishing

CISA and the NCSA have put together the following tips to prevent phishing at home and in the workplace.

1. Play hard to get with strangers

Links in email and online posts are the most common conduit for cybercriminals. If you’re unsure who an email is from—even if the details appear accurate—do not respond, and do not click on any links or attachments.

Be cautious of generic greetings such as “Hello Bank Customer,” as these are often signs of phishing attempts. If you are concerned about the legitimacy of an email, call the company directly.

2. Think before you act

Be wary of communications that implore you to act immediately. Many phishing emails create a sense of urgency, trying to make you think your account or information is in jeopardy. If you are prompted to do something urgently, reach out to that person or entity directly to verify the request.

3. Protect your personal information

If people contacting you have key details from your life—your job title, multiple email addresses, full name, and more that you may have published online somewhere—they can attempt a direct spear-phishing attack on you. Cyber criminals can also use social engineering with these details to try to manipulate you into skipping normal security protocols.

4. Be wary of hyperlinks

Avoid clicking on hyperlinks in emails and hover over links to verify their authenticity. Also ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information.

5. Double your login protection

If multi-factor authentication (MFA) is an option, make sure to enable it. That way, you’ll be the only person who has access to your account. Use it for email, banking, social media, and any other service that requires logging in. You can associate a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.

6. Shake up your password protocol

Consider using the longest password or passphrase permissible. Get creative and customize them for different sites, which can prevent cyber criminals from gaining access to multiple accounts in the event of a breach.

No need to memorize your strong passwords and passphrases: Use password managers to generate and store them.

7. Install and update antivirus software

Make sure all of your computers, Internet of Things (IoT) devices, mobile phones, and tablets are equipped with regularly updated antivirus software, firewalls, email filters, and anti-spyware.
