USI Security Tips

How to Protect Your Business From a Phishing Attack

September 29, 2020


Phishing is one of the most common forms of cyberattack. Hackers manipulate people by impersonating banks, fellow employees and friends in order to steal confidential credentials or information such as passwords, credit card information, bank user IDs and social security numbers. Most phishing attacks arrive by email, often prompting people to follow links to fake websites or download malware. So how can you protect your customers and employees from phishing? Keep reading to find out.

Build a DMARC Record

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication protocol that uses SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to verify messages sent from your domain, and it can block fraudulent emails as well. It also lets you tell email service providers how to handle fraudulent mail that appears to be sent from your domain, for example by monitoring your emails or by moving unauthenticated emails to spam. Email providers can also send you DMARC reports that show which emails are authentic, which are not, and why.

Train Employees and Customers to Spot an Attack

One of the best ways to avoid phishing is by educating your customers and employees on how to spot an attack. 

Poor Grammar. Many amateur hackers skip spell checking, or use Google Translate if they are foreign criminals, so if employees or customers receive a poorly written email from an unknown user, it’s likely to be a phishing attempt.

Suspicious URLs. Phishing emails work by disguising a malicious website URL to look like a verified one. To detect this, check the length of the URL and hover over the link to see whether the landing page web address is different.

Mismatched Sender Address. A hacker can imitate your logo, name and even email address, but they can’t copy sender addresses. Always check to see if a suspicious email domain matches the brand. 

Invest in Email Security Software

Training employees to be well versed in detecting phishing attempts can be useful, but it’s not always foolproof. If you have the funds to do so, invest in email security software. This is the most reliable and effective way to defend against phishing. Email security software can identify unusual traffic patterns, as well as detect and block phishing threats before they reach an employee’s or customer’s inbox.
