Security Awareness Websites - 

https://staysafeonline.org

www.terranovasecurity.com/demo

10 Practical Tips for Employees to Prevent Phishing Attacks

Stay informed about the latest phishing tactics by attending security training sessions and reading about cybersecurity trends, news, incidents, and best practices. Because the sophistication and various types of phishing are constantly growing and evolving, staying informed on current threats is critical. 

Consciously question the legitimacy of each email, text message, and phone call. If you receive an unexpected email from a coworker, financial institution, government agency, or vendor, look out for these tell-tale signs of phishing: 

• Spelling or grammatical errors: Scammers intentionally include typos and grammatical mistakes in phishing emails to target unsuspecting and innocent victims while weeding out those too smart to fall for the scams. Typos in emails may bypass email security filters or create a sense of authenticity in the message. Additionally, these errors may occur when the sender is not proficient in the language used in the email. 
• Urgent demands for sensitive information: Emails using language with a sense of urgency or fear aims to make targets act quickly without thinking.
• Suspicious links: Asking for personal information or downloading malware onto your device, phishing links may lead to suspicious websites. 
• Spoofed email addresses: Although phishing emails appear to be from a legitimate source, hovering over the sender’s email address can check if it matches the supposed organization. 
• Unexpected attachments: Malicious and harming your device or stealing your information, phishing emails may include unexpected attachments.   

Add an extra layer of security to your accounts by creating unique, strong passwords and enabling two-factor authentication wherever possible. Create strong passwords by combining uppercase and lowercase letters, numbers, and symbols.

Learn how strong your password is through Hive System’s infographic, and utilize Splashtop’s Vault to manage your passwords. Your accounts may be compromised without you knowing, so it is advised to regularly rotate passwords and add a second form of identification. 

To protect against the latest threats, regularly update operating systems, anti-viruses, firewalls, and anti-malware software on all devices. These updates include security patches that address known vulnerabilities and protect you from phishing exploits.

Before clicking links or downloading attachments from unknown emails, text messages, or instant messages, think twice and hover your mouse over the link to examine the URL. Clicking a phishing link or attachment can lead to malware installation, data theft, or financial loss.

If you receive a suspicious message, check the email address for spelling errors or a generic greeting, and verify the legitimacy of messages with the sender. 

Phishing attacks usually trick you into providing personal or financial information such as your username, password, or social security number. Be careful when sharing information online, as legitimate companies never ask via email or phone. 

Check for email address and sender name deviations. Common social engineering cues include:

• Requests to obtain sensitive information 
• Asking for transfers of money
• Unusual or sudden purchase requests
• Sudden changes to direct deposit

Avoid accessing sensitive information when using public Wi-Fi. Hackers may easily steal data from unsecured networks. 

Download anti-phishing add-ons that can help protect you against phishing attacks on every device. These tools block access to malicious websites by analyzing emails and URLs for known phishing patterns. Here are some popular anti-phishing addons you can use: 

• Netcraft Extension: By monitoring websites and alerting them with a warning message when suspicious sites are detected, the anti-phishing add-on compares them against databases of phishing sites. 
• Avira Browser Safety: Blocking malicious websites such as phishing sites, the add-on scans downloads for malware.
• Web of Trust (WOT): Basing their ratings on trustworthiness and reputation, the add-on warns users of websites' poor reputations. 

Immediately report suspected phishing scams to appropriate authorities, such as your IT department or the Federal Trade Commission. By reporting, you can help your IT department identify potential phishing threats so they can prevent further attacks in the future.

Posing a significant threat to individuals and organizations, phishing attacks can lead to financial losses, reputation damage, and unauthorized access to private information.

However, employees can effectively mitigate these attacks by staying informed, being vigilant, and following these practical tips and techniques. Educating ourselves and others, staying cautious, and reporting suspicious activity can help prevent further phishing attacks and protect ourselves and our organizations from harm.