Protecting your email against phishing attacks
June 4, 2020
How can you protect yourself against phishing?
Email is one of the most popular ways people stay in touch, for both at work and at home. One report found that there were 246 billion emails sent every day in 2019 – and this is expected to rise to 280 billion by 2021.
Be careful with your emails
Because you can do so much through online banking, your user name and password are highly valued by hackers. Armed with those details, they can log into your account and make digital cash transfers to steal all your money.
To help steal your logon details, hackers send emails that look almost identical to the ones sent by your bank – a scam known as phishing. Clicking through the links in these fake emails will take you to a site that looks just like your bank’s. But when you try to logon, instead of seeing your account details you will receive an error message. Meanwhile, the cybercriminal has already captured your username and password, allowing them to get to work emptying your bank account immediately.
1. Check what your bank says about their emails
Your bank will almost certainly have a page on their website about helping you to identify fake emails. This example from Lloyds Bank shows the things you need to look out for, including:
Email is one of the most popular ways people stay in touch, for both at work and at home. One report found that there were 246 billion emails sent every day in 2019 – and this is expected to rise to 280 billion by 2021.
Much of our day-to-day business is conducted online now – take banking for instance. Many banks produce electronic statements which are stored in our online accounts; they send us a monthly email to remind us to check our records online. We simply click through the supplied link and log into our online account.
Because you can do so much through online banking, your user name and password are highly valued by hackers. Armed with those details, they can log into your account and make digital cash transfers to steal all your money.
To help steal your logon details, hackers send emails that look almost identical to the ones sent by your bank – a scam known as phishing. Clicking through the links in these fake emails will take you to a site that looks just like your bank’s. But when you try to logon, instead of seeing your account details you will receive an error message. Meanwhile, the cybercriminal has already captured your username and password, allowing them to get to work emptying your bank account immediately.
So how can you protect yourself against phishing?
Your bank will almost certainly have a page on their website about helping you to identify fake emails. This example from Lloyds Bank shows the things you need to look out for, including:
- Incorrect sender’s email address.
- A generic greeting (your name is not used).
- The email includes a direct link – emails from Lloyds do not.
- The email makes threats about suspending your account, or suspicious activity.
2. Never click links in emails from your bank
To avoid being duped into accessing a fake website, never click the links in any email claiming to be from your bank. Instead, type the address into your browser bar direct – that way you will always land on the official website.
To avoid being duped into accessing a fake website, never click the links in any email claiming to be from your bank. Instead, type the address into your browser bar direct – that way you will always land on the official website.
3. Install security software
Modern anti virus software is very good at detecting phishing attemps automatically, immediately alerting you to anything that looks suspicious. This automated warning lets you know immediately that you may be at risk of becoming a phishing victim.
Protecting against phishing scams is a combination of education, common sense, and technology. To help better protect yourself, contact us about our endpoint protection and email security services.
Modern anti virus software is very good at detecting phishing attemps automatically, immediately alerting you to anything that looks suspicious. This automated warning lets you know immediately that you may be at risk of becoming a phishing victim.
Protecting against phishing scams is a combination of education, common sense, and technology. To help better protect yourself, contact us about our endpoint protection and email security services.
Follow Us
Be the first to know
You might also like
DevOps is a popular practice, especially among large organizations. However, while it comes with numerous benefits, it presents numerous risks as well. One notable challenge is the increased velocity of deployment, which often complicates how developers implement and ensure application security throughout the development and deployment process. DevOps is a popular practice, especially among large organizations. However, while it comes with numerous benefits, it presents numerous risks as well. One notable challenge is the increased velocity of deployment, which often complicates how developers implement and ensure application security throughout the development and deployment process. According to a recent survey, almost 80% of CIOs expressed concerns about the difficulty of discerning trusted elements from untrusted ones within DevOps environments. In particular, the pressure to deliver services at a faster pace sometimes prompts DevOps teams to take security shortcuts, resulting in potentially costly repercussions. These include data breaches, application downtime, and compliance violations. So, how can you strike a balance between the demand for agile DevOps practices and the need to maintain robust security measures?
Testing applications for security flaws during production is a vital process of the development lifecycle, and this is where Dynamic Application Security Testing (DAST) comes in. DAST is a security testing approach in application security (AppSec), in which testers assess an application in real-time, while it’s actively running. This process can be conducted even without testers knowing the application’s internal interactions or system-level designs. Applications fuel the engine of the world’s economy, but enterprises can encounter substantial hurdles when striving to retain a competitive advantage in a rapidly changing digital landscape. Businesses must continuously pursue inventive solutions, even as they contend with sophisticated adversaries looking to exploit opportunities to disrupt operations, compromise vital information, and inflict harm. According to recent research, approximately 17% of cyberattacks aim to exploit vulnerable web applications. Yet, 98% of web applications are susceptible to attacks that can lead to malware infection or redirect users to malicious websites. All the while, 72% of these vulnerabilities result from coding errors. Testing applications for security flaws during production is a vital process of the development lifecycle, and this is where Dynamic Application Security Testing (DAST) comes in. DAST is a security testing approach in application security (AppSec), in which testers assess an application in real-time, while it’s actively running. This process can be conducted even without testers knowing the application’s internal interactions or system-level designs. This is because DAST tools operate without access to the application’s source code. Instead, they emulate genuine attacks, akin to those carried out by real hackers, to identify security weaknesses. This “black box” testing method examines the application from an external perspective, scrutinises its runtime behaviour, and observes how it reacts to simulated attacks. These simulations help evaluate whether the application exhibits vulnerabilities and if it is potentially susceptible to malicious attacks.
In this blog post we look back at the origin of the term “hacking”, as well as how activities that might be described as hacking have existed throughout history, even prior to the advent of computer systems – and what if anything these can teach us today. Hacking is attacking and breaking into computer systems illegally… isn’t it? The meaning of the term “hacking” has in fact changed substantially over time, morphing from describing essentially benign (or at worst mildly disruptive) activities into its modern attribution to largely criminal and illegal activities. What’s more, in its original usage, “hacking” doesn’t necessarily even need to involve computer systems at all. In this blog post we look back at the origin of the term “hacking”, as well as how activities that might be described as hacking have existed throughout history, even prior to the advent of computer systems – and what if anything these can teach us today.