What is Phishing, and how do you Handle it?
Email phishing is a practice attackers use to deceive users by making fraudulent communication appear authentic. To understand email phishing better, let’s look at how such attacks take place. A phishing attack starts when we receive an unexpected email that looks as if it comes from a known source and carries an attachment or a link. If we download the attachment or click the link, the attacker may be able to steal confidential information and gain control over the system.
The above images are examples of phishing emails. If we select the “Secure your account” option or click the link, we may fall victim to a phishing attack.
How can we prevent Phishing?
- Training and education for the staff: We need to train the staff about spam emails, show them some spam emails received previously, and make them cautious. This helps organisations a lot in preventing phishing attacks.
- Let them know the most common ways to identify a suspicious email, such as:
  - Urgent call to action.
  - Unknown, first-time or unusual sender.
  - The domain of the email doesn’t match the organisation.
  - Suspicious links or attachments.
- Secure accounts and access: Encourage employees to use strong passwords and change them regularly. Also recommend that they use multi-factor authentication to secure their devices and data.
Other measures that help:
- Keeping the software updated.
- Enforcing password policies: This includes setting rules for creating a password, such as a minimum length and the special characters that may be used, so that passwords are complex.
- Allowing the use of multi-factor authentication.
How to check the email header for phishing emails?
Every email has three components: envelope, header, and message body. The envelope is not always visible; the message body is where the actual content goes. The header is visible to both the sender and the recipient.
The header contains the sender, receiver, date, and subject details. It also shows us the security checks the email passed before it reached the receiver.
To tell whether an email is a phishing email, we can check:
- Whether the sender address and its domain match the claimed source: if they don’t match, treat it as a phishing email.
- The email’s travel path and the email client it was sent from.
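The header checks listed above, and the warning signs from the training section (urgent call to action, mismatched domain, suspicious links), can be applied mechanically to a raw message. The script below is an added example written for this page, not code from the original article: it parses two constructed sample messages with Python's standard `email` library and reports the sender/domain mismatches, the SPF/DKIM/DMARC results recorded in `Authentication-Results`, the travel path reconstructed from the `Received` headers, and any link whose visible text names one host while its `href` points at another. The organisation domain `example-corp.test`, the attacker-controlled hosts and every address in the samples are invented for the example.

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real message): a lookalike "helpdesk" mail whose
# envelope sender, Reply-To, authentication results, travel path and link
# target all disagree with the organisation it claims to come from.
PHISH_RAW = b"""Return-Path: <bounce@mail-example-attacker.test>
Received: from mx.example-corp.test (mx.example-corp.test [192.0.2.10])
    by inbox.example-corp.test with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
Received: from unknown (HELO relay.example-attacker.test) (198.51.100.7)
    by mx.example-corp.test with SMTP; Mon, 1 Jan 2024 09:59:58 +0000
Authentication-Results: mx.example-corp.test;
    spf=fail smtp.mailfrom=mail-example-attacker.test;
    dkim=none;
    dmarc=fail header.from=example-corp.test
From: "IT Helpdesk" <helpdesk@example-corp.test>
Reply-To: <support@example-attacker.test>
To: <user@example-corp.test>
Subject: URGENT: Secure your account within 24 hours
Content-Type: text/html; charset="utf-8"

<p>Your mailbox will be locked. <a href="http://example-attacker.test/login">https://portal.example-corp.test</a></p>
"""

# Constructed sample of an ordinary internal notice, for comparison.
CLEAN_RAW = b"""Received: from mx.example-corp.test (mx.example-corp.test [192.0.2.10])
    by inbox.example-corp.test with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
Authentication-Results: mx.example-corp.test; spf=pass smtp.mailfrom=example-corp.test; dkim=pass header.d=example-corp.test; dmarc=pass header.from=example-corp.test
From: "IT Helpdesk" <helpdesk@example-corp.test>
To: <user@example-corp.test>
Subject: Monthly maintenance window
Content-Type: text/plain; charset="utf-8"

Reminder: maintenance on Saturday.
"""


def _domain(header_value):
    """Domain part of the first address in a header value (empty string if absent)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def analyse_email(raw, org_domain):
    """Return {'path': [sending hosts, oldest first], 'findings': [...]} for one raw message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    # 1. Sender domain vs the organisation, and hidden senders in Return-Path / Reply-To.
    from_dom = _domain(msg["From"])
    if from_dom != org_domain:
        findings.append(f"From domain '{from_dom}' is not '{org_domain}'")
    for hdr in ("Return-Path", "Reply-To"):
        dom = _domain(msg[hdr])
        if dom and dom != from_dom:
            findings.append(f"{hdr} domain '{dom}' differs from From domain '{from_dom}'")

    # 2. Security checks the receiving server recorded (SPF, DKIM, DMARC).
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth, re.I)
        if m and m.group(1).lower() != "pass":
            findings.append(f"{check} result is '{m.group(1)}', not 'pass'")

    # 3. Travel path: every hop prepends its own Received header, so the list is
    #    reversed to read the route in delivery order.
    path = []
    for hop in reversed(msg.get_all("Received", [])):
        m = re.match(r"\s*from\s+(\S+)", str(hop), re.I)
        host = m.group(1) if m else "?"
        path.append(host)
        if host.lower() == "unknown":
            findings.append("a hop in the travel path came from an unresolvable host")

    # 4. Links: visible text naming one site while the href points at another,
    #    or any link that leaves the organisation's domain.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        anchors = re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]*)</a>', body.get_content(), re.I)
        for href, text in anchors:
            href_host = (urlparse(href).hostname or "").lower()
            if href_host != org_domain and not href_host.endswith("." + org_domain):
                findings.append(f"link points to external host '{href_host}'")
            text_host = (urlparse(text.strip()).hostname or "").lower()
            if text_host and text_host != href_host:
                findings.append(f"link text shows '{text_host}' but points to '{href_host}'")

    # 5. Urgent call to action in the subject line.
    if re.search(r"\burgent\b|within \d+ hours?", str(msg["Subject"] or ""), re.I):
        findings.append("subject uses an urgent call to action")

    return {"path": path, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("phish", PHISH_RAW), ("clean", CLEAN_RAW)):
        result = analyse_email(raw, "example-corp.test")
        print(f"{label}: path {' -> '.join(result['path'])}")
        for finding in result["findings"]:
            print("  !", finding)
```

Run as a script, the phishing sample produces nine findings (mismatched Return-Path and Reply-To, failed SPF/DMARC and missing DKIM, an `unknown` hop, an external link whose text impersonates the corporate portal, and an urgent subject) while the clean notice produces none. In practice the `Authentication-Results` header is only trustworthy when it was written by your own receiving server, since a sender can add a forged one, so compare the `mx.example-corp.test` authserv-id against your own host before relying on it.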