How to prevent phishing.
What is phishing?
Phishing is a broad term for social engineering techniques that use emails with bogus links that appear to lead to sites you’re likely to trust, and bogus websites filled with malware-triggering links. The goal is either to trick you into providing sensitive personal information (social security number, bank account info, credit card numbers, login usernames and passwords, etc.) or simply to deliver malware onto your system to quietly spy on you, steal data, or hold your data for ransom. Phishing comes in several flavors too, including spear phishing (referencing past or future events in your life, like an upcoming vacation you have planned, in the contents of the email to create a halo of authenticity), and whaling (targeting high-profile executives like CEOs). All varieties have one thing in common: they all start with an email.
The phishing email has been around as long as email itself.
For those of us old enough to remember life before email, everything took a lot longer. Work life and social life moved at the pace of snail mail and answering machines (if you don’t know what an answering machine is, ask your parents). Email introduced new convenience and efficiency, allowing us to instantly send documents that would have taken days or hours to physically deliver. It didn’t take long before every workplace depended on email to run. But convenience and efficiency came at the expense of increased exposure.
The bad guys knew where to find everyone, because everyone was on email. And they knew in those early days of email (especially emails related to ecommerce, online banking, and professional services), we were so enamored with the convenience and speed of it all that we overlooked the risk. We were a little too comfortable sharing sensitive personal and financial information in email — social security number, bank account info, credit card numbers, usernames and passwords — as long as the people asking for it were trusted vendors and service providers. After all, if our bank website or accountant asks for our social security number over email, it must be safe…right?
Don’t get fooled
If you use email for client communication, your clients and your firm are at risk. Today, it’s impossible to be an email user and eliminate phishing from your life. While you can’t stop it from entering your email inbox, you can educate yourself to better recognize it and avoid it. Remember, phishing attacks are always evolving, and if you avoid one, chances are the next attempt will be harder to spot. Here are a few rules to remember:
- Never blindly click on links.
- Never give out personal information or financial information over email, no matter who’s asking.
- When you receive a suspicious email, either delete it or call the person whom you think sent the email to confirm its authenticity.
- There are many services and service providers who are happy to help your firm get up to speed, and some will even help test the effectiveness of your security perimeter.
- If you or your firm are in possession of valuable data that would be of interest to bad actors (SSNs, EINs, bank account numbers, credit card numbers, usernames and passwords, confidential or sensitive information, etc.), never forget that email is still the easiest place for cybercriminals to steal it.
OK, so what’s the best way to prevent phishing?
By far, the single most effective way to protect yourself from phishing is to never trust email. If you’re using messaging apps like Slack or WhatsApp, you’ll notice a refreshing absence of spam and phishing. That’s because you and fellow users are “in network.” Unlike email, in-network platforms are closed to the world. The bad guys can’t just look up or guess your information. You’d have to add them to the network.
Positive trend and future outlook.
Phishing is here to stay, and will live as long as email does. Thankfully, communication is trending away from email and toward dedicated in-network communication and collaboration apps, most of which are dramatically safer than email. The quicker we sever our reliance on email for important communication and file sharing and adopt safer, invite-only platforms, the better. Large financial institutions are already moving their customers off email and onto their own custom-built secure platforms. With the introduction of affordable, scalable secure file sharing platforms like Liscio, small and medium-sized firms can now follow suit.