
8 Ways to identify and prevent phishing

Phishing is one of the most common forms of cyber-attack faced by individuals and organisations. And unfortunately, there’s a reason it’s so prevalent – it works all too often.

This kind of attack poses a substantial risk, yet it is one that can be minimised by following simple steps to prevent phishing.

Here we explain what it is and how to try to prevent phishing attacks from being successful at home and within your organisation.

What is phishing?

Phishing is an online scam in which criminals send fake messages – usually emails or text messages – designed to trick recipients into divulging sensitive information, such as passwords and financial details.

Most often, a phishing email or message is made to look like an official communication and will contain a link within it. Recipients are asked to click that link, which takes them to an online form that requires them to log in using their username and password and to provide other sensitive data. This data is then harvested by the criminals who sent the message.

A typical example of phishing

A common example is receiving an email that looks just like one from the recipient’s bank. The email informs the recipient that there’s a problem with their account and that they need to log in to their account to fix it.

The recipient clicks on the link to be taken to a webpage that’s been made to look just like their bank’s website. They provide their username, password and bank details, which are then collected by the criminals who sent the email. The criminals may now have access to that individual’s bank account.

How to prevent phishing

Although phishing poses a serious risk and scams are more convincing than ever, there’s still plenty you can do to prevent falling into the trap. Just follow these eight steps to reduce the risk of phishing for you and your organisation:

1. Don’t click on suspicious links

The most powerful way to avoid phishing attacks is to never click on links in emails, text messages or any other electronic messages, such as those sent via social media.

Organisations like banks are aware of phishing and the risk it poses to their customers. Internal departments in organisations are aware of phishing too. You won’t be sent messages containing links by banks or similar organisations, or by departments at work, especially links that ask you to divulge confidential information.

If there’s ever a problem with an account or a service you use, you may be notified by email or text message. If you need to log in to an account to address the issue, that communication will likely ask you to do so in the way you usually do, not via a link provided in the email.

2. Never reveal personal information online

If you do click on a link and are taken to a webpage that requests personal details, close that page down immediately.

Never enter any confidential details online unless you are 100% confident that the site or app you are using is genuine. Even the smallest of doubts is just reason to stop in your tracks and close the page. Never provide personal or financially sensitive information via email or another form of message, and never after clicking on a link in an email or message.

3. Know what phishing looks like

As well as not clicking on any links in messages or providing sensitive information online, try to stay aware of current developments in phishing.

The core of phishing is based on sending links in messages that ask people to provide personal data. New variants of phishing are being created all the time, however, including more targeting via social media and by bots made to appear like real people. You can find updated phishing awareness and security training for individuals and employees online to help with this.

4. Always check websites are secure

If you’re about to enter personal details online, you need to first check that the website you’re using is genuine and secure.

Take a look at the URL to see if it’s the same URL that you usually visit or expect to see. Then make sure the URL begins with “https” to ensure it’s a genuine web address. Many browsers also have a padlock icon just to the left of the URL to show you the website is secure. If your browser uses padlock icons, but you don’t see one, don’t trust that website.
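
The checks in this step, written out as an added example that is not part of the original article: it compares the address with the one you expect and requires "https". The site names are constructed placeholders, and the function treats the hostname comparison as what identifies the site, since "https" on its own only shows that the connection is encrypted.

```javascript
// Added example; every site name below is a constructed placeholder.
const EXPECTED_HOSTS = ["bank.example"]; // the address you normally type or bookmark

// Decide whether a URL is one you expect before entering any details.
function checkUrl(raw, expected = EXPECTED_HOSTS) {
  let url;
  try {
    url = new URL(raw); // the same parsing rules a browser applies
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "not-https" };
  // Text before "@" is a username, not the site being visited.
  if (url.username || url.password) return { ok: false, reason: "userinfo" };
  const host = url.hostname.replace(/\.$/, ""); // already lower-cased by the parser
  // Non-ASCII letters are stored as "xn--" labels and can imitate ASCII names.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode" };
  }
  // Accept the exact host or a true subdomain of it, nothing else.
  const known = expected.some((e) => host === e || host.endsWith("." + e));
  return known
    ? { ok: true, reason: "expected-host" }
    : { ok: false, reason: "unexpected-host" };
}

// Constructed sample addresses, as they might appear in the address bar.
const SAMPLES = [
  "https://bank.example/login",
  "https://online.bank.example/login",
  "http://bank.example/login",
  "https://bank.example.account-check.test/login",
  "https://bank.example@account-check.test/login",
  "https://b\u0430nk.example/login", // Cyrillic "a" in place of Latin "a"
];

for (const s of SAMPLES) {
  const { ok, reason } = checkUrl(s);
  console.log(`${ok ? "OK    " : "REJECT"} ${reason.padEnd(15)} ${new URL(s).href}`);
}
```

Only the first two sample addresses pass; each of the others fails one of the checks and is reported with the reason.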

5. Change your passwords regularly

Regularly changing passwords on all your accounts shores up another layer of security.

You may be phished without even knowing it’s happened, but changing passwords will rectify this. Other forms of data breach can expose passwords, like data thefts from banks and other organisations. Username and password data are then often sold online and shared widely. Changing your passwords regularly helps to ensure criminals or other malicious parties can’t gain access to your accounts if they acquire your information.

6. Install a firewall on your computer and network

Firewalls monitor data entering and leaving computers and networks. They can block forms of data that aren’t coming from or going to trusted sources. Installing firewalls on computers and networks is a simple but powerful way to prevent phishing scammers from accessing those computers and networks from unfamiliar locations.

7. Don't click on pop-ups

Pop-ups are uninvited windows in your browser that appear on your screen when accessing websites. They may appear like a legitimate element of a website you’re using, but often they’re not – they come from a different source and are phishing attacks.

Be aware that the website you’re visiting may well be genuine, but that any pop-ups that spring up probably aren’t and may originate from scammers. Official organisations rarely use pop-ups these days and will not request personal data via them. If one does appear on your screen, don’t click on it other than to get rid of it. Restart your browser if they refuse to close.

8. Try free anti-phishing add-ons

Most internet browsers have free add-ons that can be downloaded to help identify and prevent phishing scams. These anti-phishing add-ons provide clear alerts if users receive suspicious messages or visit untrusted websites. Many of them are free and are regularly updated to spot new and evolving phishing attacks.

Just make sure you download any add-ons from trusted sites, however, such as a website owned by the company that operates your browser or an official app store.

Phishing attacks and hybrid working

Phishing attacks are common and constantly evolving. All too often, they’re successful. With many employees adopting flexible and hybrid working practices, organisations can be exposed to new and more frequent security risks, including those from phishing.

Making employees aware of the risk and educating them on how to prevent phishing attacks is more important than ever. As experts in hybrid working, our security solutions can help you and your organisation reduce the risks of flexible working practices so you can reap the benefits they can bring.

