R3e Blog

Protecting Your Server: A Comprehensive Guide Against Phishing Attacks

Phishing attacks are one of the most common security challenges that individuals and businesses face in safeguarding their data. Whether the goal is to gain access to passwords, credit cards, or other sensitive information, hackers use various communication channels to steal valuable data. Businesses, in particular, are a lucrative target.

Various Phishing Techniques

  • Embedding a link in an email that redirects employees to an insecure website requesting sensitive information.
  • Installing a Trojan through a malicious email attachment or ad to exploit vulnerabilities and obtain sensitive data.
  • Spoofing the sender address in an email to appear as a legitimate source and request sensitive information.
  • Attempting to obtain company information over the phone by impersonating a known company vendor or IT department.

Protective Measures for Businesses

  • Educate your employees during training sessions with mock phishing scenarios.
  • Install a spam filter that detects viruses, blank senders, etc.
  • Keep all systems up to date with the latest security patches and updates.
  • Deploy an antivirus solution, schedule signature updates, and monitor the antivirus status on all devices.
  • Develop a security policy that includes password expiration and complexity.
  • Deploy a web filter to block malicious websites.
  • Encrypt all sensitive company data.
  • Convert HTML email into text-only email messages or disable HTML email messages.
  • Require encryption for employees who telecommute.
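
As an added illustration (not code from the original post), this Python sketch shows checks a mail filter can apply to the techniques listed above: a blank sender, a Reply-To domain that differs from the From domain, and a link whose visible text names a different host than its href. The sample message, its domains, and the flag names are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE = '''From: IT Support <helpdesk@example-corp.test>
Reply-To: helpdesk@mail-example.test
Content-Type: text/html; charset="utf-8"

<p>Your password expires today. Sign in at
<a href="http://login.example-other.test/reset">https://portal.example-corp.test</a></p>
'''  # constructed message; every domain uses the reserved .test TLD

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain(header):  # lower-cased address domain, "" if missing or malformed
    local, at, dom = parseaddr(header or "")[1].rpartition("@")
    return dom.lower() if at else ""

def triage(raw):
    """Return the set of phishing indicators found in a raw message."""
    msg, flags = message_from_string(raw), set()
    sender, reply = domain(msg["From"]), domain(msg["Reply-To"])
    if not sender:
        flags.add("blank-sender")
    if sender and reply and reply != sender:
        flags.add("reply-to-mismatch")
    for part in (p for p in msg.walk() if p.get_content_type() == "text/html"):
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href, text in collector.links:
            # Only compare when the visible text itself looks like a host name.
            shown = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
            host = (urlparse(href).hostname or "").lower()
            if shown and host and host != shown.group(1).lower():
                flags.add("link-text-mismatch")
    return flags
```

Indicators like these are signals for quarantine or review, not proof on their own; a legitimate mailing list can also set a different Reply-To domain.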

Tips to Avoid Phishing

  • Be skeptical of all emails

    Ask yourself: who is this email from? If the sender is someone you do not recognize, chances are this email is either some form of unsolicited spam or a phishing email. Search for the domain through Google or another search engine to see where the domain originates.

  • Be cautious of attachments

    If you do open the email and are prompted to download images or attachments, don't. These "images" and attachments could contain malicious content that you don't want on your computer. At best, you'll be bombarded with a ton of spam and ads. At worst, your computer could be an open book to an attacker seeking your information.

    If the message comes from a sender you don't know, or even if it's a sender that you do know, seek confirmation before downloading any attachment.

  • Ignore instructions and requests for action

    If the email is urging you to do something, stop and think before you fall into the sender's trap. If it's too good to be true or seems too farfetched, it probably is.

    In a workplace scam, the email may say you need to act on something and appear to come from someone in a position of authority, such as an IT team member telling you your computer is infected, or an HR person asking you to fill out a company survey. These types of messages may also try to fool you into thinking you have a package that was "undeliverable" or that your bank account has been breached.
