In cyber world, it is very important for every individual or organizations should have know about phishing attack and what is the best defense against phishing attacks. Phishing attacks are very sophisticated and tactful method which used to compromise the important information by pretending to be an email from or the website of a trusted organization.
Tips: What is the best defense against phishing?
Here are some basic tips for best prevention against phishing attacks in keeping individuals or organization information.
1. Ensure Security of your Personal Information
To secure your personal information from phishing attacks, you have to be careful when you are going to enter your personal details, login credentials and sensitive information in a site. Here are the some useful tips to secure your personal information:
- Check the site is trusted or not?
- Don’t provide your information if the site is unknown to you
- Do not share your login credentials to others
- Use strong and unique password
- Do not use same password for multiple account
2. Enter personal information only on secure website
If you want to provide your sensitive or financial information in a site, first you have to make sure that the site is secure by SSL (Secure Socket Layer) certificate. In URL, it will starts with https:// such as: https://www.google.com/.
- Click on the lock and inspect the website’s SSL certificate. If the certificate and the URL don’t match, or if the certificate is expired, your information may be compromised.
- If you visit a site and you know the site is legitimate and notice the site is not secure, then your information may be also compromised
So, by ensuring site security then you can enter your information.
3. Delete suspicious email and do not click
You may receive an unwanted email from unknown source which seems suspicious or phishing e-mail message. A suspicious e-mail that may contains a virus or malware script to redirect you to a vulnerable website to steal your information.
- If you want to avoid phishing email, just delete any email that raises confusion.
- If you think your incoming email is suspicious then you can direct phone call to sender to confirm as he sends the mail.
- In addition to simply deleting the email, you can also mark it as spam, or as suspicious and it is better do not click on that type of email.
4. Never provide your personal Information
To prevent from phishing attack, you should never share your personal or financially sensitive information such as login credentials or credit card details as over the Internet. Most of the phishing emails will re-direct you to pages where the entries for financial or personal information are required.
As an internet user you should never make confidential entries through the link provided in the incoming emails. Make it a habit to check the address of the website is valid and secure by SSL certificate. A secure website always starts with “https” such as https://www.google.com.
5. Check the correctness of email addresses
Phishing scammers are typically try to make the email address a phishing email which is sent from look like as official or legitimate user. However, upon closer inspection, you’ll miss something such as:
- An email address will ending in “.com” as it should, but the email address may end differently. The attacker may include “com” in the domain name to fool you.
- For example, you will get a phishing email from “businesscom.work” instead of “business.com”
- Another one is the company name may be spelled incorrectly.
- For example, you will get an email from “trsutbank.com” instead of “trustbank.com”
So, before clicking this type of email link to enter your personal information you have to check or examine the email address very carefully.
6. Arrange Cyber security training and awareness workshop
Every organization should arrange regular awareness workshop and training program on Cyber security. The workshop and training program may include the following topics:
- Cyber security and its importance.
- Cybercrime and different types of cybercrime
- What is phishing attack? Types of phishing attacks
- What is the best defense against phishing attacks?
- Different types of cyber security tools and techniques.
So, employee will be aware about the cyber threat and can protect from cyber-attack and also ensure security of his/her personal information.
7. Prepare security policy and deployment
The security policy will ensure the security, consistent and reliability of an organization. If an organization don’t have the security policy then it is urgent to prepare and deploy the policy. The security policy may include the following topics:
- Physical and network security of the organization
- Password creation policy and management
- Security awareness training of all employees
- Secure use of email and social media account etc.
So, hope that the policy will try to ensure your security.
8. Know about Phishing Techniques
Internet user should know about the phishing attack and also should know what is the best defense against phishing attacks? New phishing scams are being developed all the time. Without knowing of phishing techniques, you cannot protect your personal information from attacker. So, keep your eyes to newspaper, website or others resources to know new phishing scams.
9. Keep your browser up to Date
Web browser up to date is very important for both security and ensuring that web pages load properly. Out of date web browsers can have serious security problems such as phishing, viruses, trojans, spyware, adware, and other sorts of malware.
However, Security patches are released for popular browsers all the time. Its required couple of minute an update is available, just download and install it.
10. Up to Date operating system and security patch
The operating system and security patch of your computer has important security functions that can help protect you from phishing attempts. Keeping your operating system and security patch up-to-date then it will ensure the strongest security.
- Open Windows Update by clicking the Start button > click control panel > system and security > and clicking Windows Update.
- In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.
- If any updates are found, then click Install updates.
11. Use Antivirus software
Antivirus software is a program that helps protect your computer against viruses, worms, Trojan horses, and other unwanted threat from your computer. It scans every file which comes through the Internet to your computer and helps to prevent damage to your system.
You should use Anti-spyware and firewall to prevent phishing attacks and should update the programs regularly.
12. Install an Anti-Phishing Toolbar
Anti-Phishing Toolbar is just one more layer of protection against phishing scams, and it is completely free. It allowing easy lookup of information relating to the sites you visit and providing protection from Phishing.
Most popular Internet browsers have anti-phishing toolbars such as Netcraft Toolbar, McAfee SiteAdvisor, Finjan SecureBrowsing, Bitdefender TrafficLight etc. These types of toolbars run quickly and checks on the sites that you are visiting and compare them to lists of known phishing sites.
13. Use Web Application Firewall
A web application firewall or WAF is an application based cyber security tools. WAF has designed to protect applications, APIs, and mobile apps by filtering and monitoring HTTP harmful traffic between a web application and the internet.
If you use WAF, then it will protect your websites, apps, and the data. It will allow legitimate traffic (e.g. customers) access while blocking malicious traffic (e.g. Phishing attack).
Learn more about Web Application Firewall
14. Data Encryption
Encryption is the process of encoding of your data using an encryption algorithm to transform information that only authorized users can access it and make it unreadable for unauthorized users. It protects sensitive data such as credit card numbers, bank details, login credentials etc. by encoding and transforming data into unreadable cipher text.
Learn more about Data encryption
Finally, what is the best defense against phishing attacks? Simply to say, blocking access to non-approved websites, educating staff, limited access of internet, create a policy and its implementation will prevent and protect against a phishing attack.