How to avoid email phishing attacks?

shalini Pahwa
2 min read · Aug 4, 2020

Phishing is a well-known way to steal a user’s confidential data such as usernames, passwords, email, credit card information and company secrets. The attacker gains access to resources by spoofing a trustworthy entity and acting as that entity would. Through phishing, they direct users to fake pages and force their victims to pay through the nose.

How do hackers carry out phishing attacks?

Consider the following scenarios.

  1. A hacker creates a spoofed email ID of the client and requests access to client resources; your company’s employee replies to that email with their Outlook signature. That signature gives the attacker more information about the employee and how to get in touch, and the designation it specifies reveals the employee’s authority to perform a particular task.
  2. A hacker creates a spoofed email ID of your company and sends email to your client. The client takes it as a genuine email from your company, ignoring the domain name, which is similar but not the same. After multiple interactions the client mistakenly comes to trust the spoofed email ID and transfers money to the account details provided by the attacker.
  3. Your company’s employee hits “reply all” on an email chain that includes a spoofed ID, and that chain contains a lot of information about your company and its projects. The hacker learns a great deal about the client and the project, and your company eventually loses the project as well as the client.
  4. An email with an “External email” tag arrives for your employee with promotion information and a link to a fake website that pressures the employee into giving away secret data.
  5. You get an email, apparently from your bank, saying you haven’t paid last month’s credit card bill or some other bill, with a link. You click that link and pay the bill without realizing that it is a fake link.

How to prevent phishing attacks

  1. Check the domain of the email address before replying.
  2. When you “reply all”, check the email addresses and confirm whether any of them look fishy.
  3. Do not reply to emails with an “External Email” tag, and never click links in such an email without confirmation from your superiors or IT team.
  4. Train your employees at regular intervals and cross-check them afterwards.
  5. Make your clients aware of such attacks.
  6. Train your employees not to trust promotion or increment emails unless they come from HR or from their respective managers, and never to click any link in such an email.
  7. If the sender says the matter is urgent and the writing style differs from usual, verify the sender’s email address.
  8. If the sender expects you to do something you are not authorized to do, or you were not expecting such an email, beware.
  9. Disciplinary action should be taken if an employee carelessly replied to, or clicked a link in, such an email.
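As an added illustration of items 1 and 2 above, and of the “similar but not the same” domain in scenario 2, here is a small Python check that classifies a From: header, or each address in a reply-all recipient list, against a set of trusted domains. This is example code written for this page, not part of the original post; the `TRUSTED_DOMAINS` set, the edit-distance threshold of 2 and every sample header are constructed assumptions. It goes slightly beyond the post by also folding accented characters, so that a domain that only looks like a trusted one once accents are removed is flagged rather than accepted.

```python
"""Sender-domain and reply-all recipient checks for phishing defence.

Added example for this page, not the post's own code. TRUSTED_DOMAINS, the
edit-distance threshold and every header below are constructed assumptions.
"""
from email.utils import parseaddr
import unicodedata

# Constructed: domains this organisation treats as its own or as known clients.
TRUSTED_DOMAINS = frozenset({"example.com", "client-corp.example"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def fold_domain(domain: str) -> str:
    """Strip accents so e.g. 'éxample.com' compares as 'example.com'.

    Only decomposable accents are folded; confusable scripts (Cyrillic look-
    alike letters) are not, and would need a confusables table (not done here).
    """
    decomposed = unicodedata.normalize("NFKD", domain)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Classify a From: header value (or bare address) as
    'trusted', 'lookalike', 'external' or 'invalid'."""
    _display_name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "invalid"
    raw = addr.rsplit("@", 1)[1].lower()
    # Exact trusted domain or a subdomain of one: the only case we accept.
    if raw in trusted or any(raw.endswith("." + t) for t in trusted):
        return "trusted"
    folded = fold_domain(raw)
    for t in trusted:
        brand = t.split(".")[0]
        # Within two edits of a trusted domain (examp1e.com, exarnple.com,
        # example.co) or embedding its brand label (example.com.evil.net,
        # notexample.com): the "similar but not the same" domain of scenario 2.
        # A threshold of 2 suits domains of this length; very short trusted
        # domains would need a tighter one.
        if edit_distance(folded, t) <= 2 or brand in folded:
            return "lookalike"
    return "external"


def unexpected_recipients(recipients, trusted=TRUSTED_DOMAINS):
    """Reply-all check (prevention item 2): every recipient whose domain is
    not trusted, with the reason, for review before the mail goes out."""
    return [(r, v) for r in recipients
            if (v := classify_sender(r, trusted)) != "trusted"]


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ["Alice <alice@example.com>",
                   "Accounts <billing@examp1e.com>",
                   "Bob <bob@gmail.com>"]:
        print(f"{header!r}: {classify_sender(header)}")
    chain = ["alice@example.com", "pm@client-corp.example",
             "pm@client-corp.example.co"]
    print("review before reply-all:", unexpected_recipients(chain))
```

The useful output is the `lookalike` verdict: an `external` sender is merely unknown, but a `lookalike` one is imitating a domain you already trust, which is exactly the case the post’s scenario 2 describes and the one worth escalating to the IT team before anyone replies.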
