Old-school email phishing attacks just won't go away. Here's how to make sure your enterprise stays ready.
The simplistic and obviously fake emails used in phishing attacks back in the early 90s have gotten a serious makeover. So much so that even IT professionals are having a hard time telling the difference between a legit email and a fraudulent one. Take, for instance, the Gmail phishing scam that made its way around the Internet earlier this year. Cyber criminals worked hard to create designs that looked nearly (if not completely) identical to Google Docs emails, and created sophisticated third-party apps designed to fool users into handing over their login credentials. And it worked like a charm.
The problem with email phishing these days is that enterprise organizations need to protect not only their internal IT infrastructure from being spoofed and their customers from being targeted with phishing scams, but also their employees from accidentally leaking sensitive data after being fooled by a phishing scam themselves. It's gotten so bad that a separate term was created for email phishing attacks that specifically target high-level employees within an organization: whaling.
How to Decrease Email Phishing Attacks
There's no way to truly avoid email phishing attacks, but there are ways to make sure that your employees don't fall for them, and subsequently cause serious harm to your organization. For starters, it's important to keep employees educated on what email phishing attacks are and what to be on the lookout for.
- Use employee communication channels. Company message boards and social communities can serve as a place to share information and news articles on common phishing scams. Keeping employees up-to-date on which companies have reported phishing scams and what types of emails to be aware of can go a long way in preventing employees from clicking on email links and compromising login data.
- Improve your IT security infrastructure. It's important to frequently take stock of your current IT security infrastructure to make sure that it's still helping prevent data breaches and cybersecurity attacks. Installing firewalls and keeping settings up to date, along with regularly running antivirus software and keeping web browser security patches up to date, can help keep email phishing attacks at bay.
- Implement a response procedure for identifying phishing threats. One of the reasons why phishing attacks at large enterprises can get out of hand is that multiple people within an organization can be targeted for access to different accounts, or uninformed employees might accidentally forward phishing emails to other employees who may inadvertently give up sensitive information. Having a procedure in place for identifying potential phishing attempts is a key follow-up after educating employees on how to identify email phishing.