How to Avoid Being the Victim of Phishing

By Paula Bernier
Executive Editor, TMC

Is that email that appears to be from your bank really from that institution, or is it yet another example of phishing? That’s a question that anyone who receives such a communication should ask him or herself before clicking the link and offering up any information.

It’s important to keep this in mind because acting on these emails not only opens up the receiver to hacking but may also make his or her employer vulnerable to cyber attack, explains Intermedia’s (News - Alert) Richard Walters in a recent posting.

“Clicking on a malicious link while at work in the hope of checking statements or transferring money can expose the entire company,” writes Intermedia’s senior vice president of security products.

As noted above, this kind of email is known as phishing. That involves sending emails that appear to be from legitimate sources but, in fact, are not. And phishing expeditions related to people’s financial institutions have become a favorite way for bad actors to net private information.

To avoid getting caught in a phishing scam, it’s important to remember to never provide personal or financial information over email. Walters also suggests people check web pages to spot small variations in page addresses.

Employers can also take steps to help prevent themselves and their employees from being the victims of phishing, he adds. First, he says, organizations can educate employees about fake emails from what appear to be their banks. Companies should also check to make sure their email defense software checks links in emails in real time to look for phishing, he writes. And, he says, organizations should consider implementing advanced identity and access management to enable two-factor authentication, to offer advanced single sign-on, and to implement context-based authentication.

A recently release Anti-Phishing Working Group report indicates the retail and service segment is the most at risk, accounting for more than 42 percent of such attacks. More than 400 brands were attacked each month the report studied. And 21 million new malware samples were captured in the quarter, according to APWG.