Corporate Security: Using Email Security to Detect and Prevent Phishing
What is phishing?
A phishing email is a message designed to look like it has come from a reputable source, with the aim of getting readers to change a password, fill out additional personal information or download an application or virus onto the recipient's computer. Phishing is intended to gain information that can be used to hack into businesses or steal an identity - and your employees should be made aware of how to avoid these scams.
Can you prevent phishing emails from entering your employees' email inboxes?
The good news is, yes, you can prevent phishing messages from getting to your employees' inboxes. Most email services provide filters - such as our email security portfolio - to sift out these types of messages. A phishing filter evaluates a message by looking at its headers (from which it can determine the source country), at keywords or phrases in the message, and at a database of known spammers and email servers that send spam.
Many, if not all, of these filters and services score each email to determine if the message is spam or a phishing email. Once a score is high enough, the filter will remove the message or modify the email subject to state that the message could possibly be an attempt to phish.
Using phishing and spam filters will help to keep your employees protected and aware of messages that contain invalid and harmful requests.
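The scoring approach described above can be sketched in a few lines of Python. This is an added example, not code from any vendor's filter: the weights, thresholds, phrase list, blocklist and IP-to-country table are assumptions built from documentation address ranges, and the sample messages are constructed.

```python
import ipaddress
import re
from email import message_from_string

# Constructed data: documentation IP ranges and assumed weights, not a real feed.
BLOCKLISTED_RELAYS = {"203.0.113.45"}          # stand-in for a known-spammer database
NET_COUNTRY = {"203.0.113.0/24": "ZZ", "198.51.100.0/24": "US"}  # stand-in GeoIP table
EXPECTED_COUNTRIES = {"US"}
PHRASES = {"verify your account": 3, "password will expire": 3, "click here": 1}
TAG_AT, REMOVE_AT = 5, 9                       # assumed thresholds

def relay_ip(msg):
    """Bracketed IP from the top-most Received header, the one our own server added.
    Headers further down were written by other hosts and can be forged."""
    hops = msg.get_all("Received") or []
    found = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[0]) if hops else None
    try:
        return ipaddress.ip_address(found.group(1)) if found else None
    except ValueError:                         # malformed address such as [999.1.1.1]
        return None

def body_text(msg):
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
             if p.get_content_maintype() == "text"]
    return b" ".join(parts).decode("utf-8", "replace")

def score(msg):
    points, ip = 0, relay_ip(msg)
    if ip is not None and str(ip) in BLOCKLISTED_RELAYS:
        points += 5
    country = next((c for net, c in NET_COUNTRY.items()
                    if ip is not None and ip in ipaddress.ip_network(net)), None)
    if country not in EXPECTED_COUNTRIES:      # unknown origin counts as unexpected
        points += 2
    text = (msg.get("Subject", "") + " " + body_text(msg)).lower()
    return points + sum(w for phrase, w in PHRASES.items() if phrase in text)

def apply_filter(raw):
    """Return (action, score, subject) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    points, subject = score(msg), msg.get("Subject", "")
    if points >= REMOVE_AT:
        return "remove", points, subject
    if points >= TAG_AT:
        return "tag", points, "[POSSIBLE PHISHING] " + subject
    return "deliver", points, subject

def sample(ip, subject, body):                 # builds a constructed test message
    return (f"Received: from host.example.net (host.example.net [{ip}]) by mx.example.com\n"
            f"From: sender@example.net\nSubject: {subject}\n\n{body}\n")
```

A message that only reaches the lower threshold is delivered with a rewritten subject, while one that reaches the higher threshold is removed before it gets to the inbox.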
It's a good idea to set some company guidelines to assist your business in fighting phishing email scams. These may include, but are not limited to:
- Don't respond to email from people or businesses you do not know.
- Don't open attachments from unsolicited email messages. These often contain viruses, key loggers and back door programs that allow access to your computer or steal your private information.
- Don't give out sensitive and private information to anyone. Unencrypted email messages can be captured anywhere on the Internet and be read by those who want to steal your identity.
- Look at the URL in the link before you click on the link. If the business domain in the URL does not look right, don't click.
- Use and maintain antivirus software or filter software. It helps protect you and your business from those who attempt to take your identity and private data.
- Keep your browser updated. Web browsers add and update security applets on a regular basis to keep up with bad websites.
- Check for encrypted and secure web pages. Financial institutions offer online services via the web, and all of these services use secure web pages. Check the URL for the secure web page designation (https://) before clicking.
Preventing phishing really comes down to not clicking on links in suspicious-looking emails. The majority of businesses will not contact a person through email to ask for private account information.
Why do phishers want your information?
Some phishers are hackers looking to acquire passwords and user identifications for financial institutions, and others are just looking to steal an identity. These phishers use the logged passwords and IDs to gain access to other companies. For example, the data breach at Target in 2013 was accomplished by a hacker gaining the password and identification of a contractor for Target. Once the hacker gets into a system, they take what data they can, and then sell it to the highest bidder.
The Apple iCloud celebrity picture leak is another example of hacking via phishing. Although this was not a breach of security at Apple, the data (pictures) stolen was taken by researching what information each celebrity used to answer his or her security questions. These scammers were able to look up information about the celebrities and then answer the questions to gain access. If you or your employees receive an email about changing your security questions for sites containing private and sensitive data, call the business to validate the request.
Phishing is a menace that can be deterred by education and helped along by the use of filters and secure email services like our security portfolio. Stay safe and prevent phishing from stealing your employees' identities or causing problems within your business.