TL;DR
This guide gives you simple steps to protect yourself and your organisation from phishing attacks. It covers spotting suspicious emails, reporting them, and strengthening security.
1. Recognising Phishing Emails
Phishing emails try to trick you into giving away personal information (passwords, bank details, etc.). Here’s what to look for:
Suspicious Sender Address: Check the full email address – is it a legitimate domain? Hover over the sender’s name to see the actual address.
Generic Greetings: “Dear Customer” instead of your name is a red flag.
Poor Grammar & Spelling: Phishing emails often contain errors.
Urgent Requests: They try to create panic, pushing you to act quickly without thinking.
Unusual Links: Hover over links *without clicking* to see where they lead. Look for mismatched URLs.
Attachments You Weren’t Expecting: Be very careful opening attachments from unknown senders.
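The checks in this list can be applied to a raw email with a short script. The following example is added to this guide and is not code from the original post: it parses a message with Python's standard `email` library, then flags a sender whose display name is itself an address from a different domain, a generic greeting, urgency phrases, links whose visible text names a different host than the `href`, and any attachments. The two sample messages are constructed for the demo, and the greeting and urgency phrase lists are assumptions rather than a complete rule set.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed phrase lists for the demo; real filters use much larger ones.
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")
URGENCY_PHRASES = ("immediately", "within 24 hours", "will be suspended", "act now")

# Constructed sample: lookalike sender, generic greeting, urgency, mismatched link, attachment.
PHISH = """\
From: "support@bank.example" <alerts@bank-secure-login.example>
To: you@company.example
Subject: Action required: your account will be suspended
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Unusual sign-in detected. Verify your details immediately.</p>
<p><a href="http://bank-secure-login.example/verify">https://www.bank.example/login</a></p>
</body></html>
--b1
Content-Type: application/zip; name="invoice.zip"
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--
"""

# Constructed sample of an ordinary internal message.
BENIGN = """\
From: Sam Lee <sam.lee@company.example>
To: you@company.example
Subject: Lunch on Thursday?
Content-Type: text/plain; charset="utf-8"

Hi Alex, are you free for lunch on Thursday?
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Lowercase host named by a URL-like string, or '' if it is not one."""
    if not text or " " in text:
        return ""
    if "://" not in text:
        text = "http://" + text
    host = (urlparse(text).hostname or "").lower()
    return host if "." in host else ""


def domain_of(address):
    return address.rpartition("@")[2].lower()


def phishing_indicators(raw_message):
    """Return (category, detail) pairs for each indicator found; empty list if none."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # Suspicious sender: display name looks like an address, but from another domain.
    display_name, address = parseaddr(str(msg.get("From", "")))
    claimed = parseaddr(display_name)[1]
    if "@" in claimed and domain_of(claimed) != domain_of(address):
        findings.append(("sender", f"displays {claimed} but was sent from {address}"))

    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part is not None else ""
    text = (str(msg.get("Subject", "")) + " " + body).lower()

    # Generic greeting and urgent language.
    for greeting in GENERIC_GREETINGS:
        if greeting in text:
            findings.append(("greeting", greeting))
            break
    urgent = [p for p in URGENCY_PHRASES if p in text]
    if urgent:
        findings.append(("urgency", ", ".join(urgent)))

    # Mismatched links: the visible text names one host, the href points elsewhere.
    if body_part is not None and body_part.get_content_type() == "text/html":
        collector = LinkCollector()
        collector.feed(body)
        for href, visible in collector.links:
            if host_of(visible) and host_of(visible) != host_of(href):
                findings.append(("link", f"shows {host_of(visible)} but goes to {host_of(href)}"))

    # Attachments: listed so the reader can judge whether they were expected.
    for part in msg.iter_attachments():
        findings.append(("attachment", part.get_filename() or part.get_content_type()))

    return findings
```

Running `phishing_indicators(PHISH)` reports all five categories, while `phishing_indicators(BENIGN)` returns an empty list. The script is an aid for triage, not a verdict: a message that trips none of these checks can still be malicious, which is why reporting (next section) matters.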
2. Reporting Phishing Emails
Reporting helps security teams track and block attackers.
Report to Your IT Department: This is the most important step, especially for work emails. They can investigate and warn others.
Report to the National Cyber Security Centre (NCSC): Use their reporting tool:
https://www.ncsc.gov.uk/report-phishing
In Your Email Client: Most email providers (Gmail, Outlook, etc.) have a “Report Phishing” button.
3. Strengthening Your Security
These steps make it harder for attackers to succeed.
Enable Multi-Factor Authentication (MFA): This adds an extra layer of security, even if your password is stolen. Use an authenticator app whenever possible.
Examples: Google Authenticator, Microsoft Authenticator
Use Strong Passwords: Long and complex passwords are harder to crack. A password manager can help you create and store them safely.
Consider using a passphrase instead of a single word password.
Keep Software Updated: Updates often include security patches that fix vulnerabilities.
Windows: Check for updates in Settings > Update & Security > Windows Update
macOS: System Preferences > Software Update
Be Careful with Public Wi-Fi: Avoid entering sensitive information on unsecured networks. Use a VPN if you must use public Wi-Fi.
Email Filtering (For Businesses): Implement robust email filtering solutions to block known phishing attempts and spam.
; Example of a basic SPF record for your domain (replace example.com)
example.com. IN TXT "v=spf1 include:_spf.google.com ~all"
; ~all tells receivers to treat mail from any other source as a soft fail
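To see what a record like this does, it helps to walk through how a receiving server evaluates it. The following is an added example, not code from the original post: a minimal SPF evaluator in Python that handles the `ip4`, `ip6`, `include` and `all` mechanisms with their qualifiers. The DNS table is constructed, the provider domain `_spf.mailer.example` stands in for a real include target, and the addresses are documentation ranges; a real receiver performs DNS lookups and implements the rest of RFC 7208 (the `a`, `mx` and `exists` mechanisms, `redirect=`, and the 10-lookup limit).

```python
import ipaddress

# Result for a matched mechanism, keyed by its qualifier (RFC 7208 section 4.6.2).
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed stand-in for DNS TXT lookups; real evaluation queries DNS.
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example ~all",
    "strict.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.0/24 -all",
}


def check_spf(domain, sender_ip, txt_lookup, depth=0):
    """Return pass/fail/softfail/neutral/none/permerror for one sending IP and domain.

    Handles ip4, ip6, include and all; a, mx, exists and redirect= are not modelled.
    """
    if depth > 10:                      # simplified stand-in for RFC 7208's lookup limit
        return "permerror"
    record = txt_lookup.get(domain.lower().rstrip("."))
    if record is None or not record.startswith("v=spf1"):
        return "none"                   # no SPF record published for this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"                 # an unqualified mechanism means pass on match
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, value = term.lower().partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # A bare address is treated as a /32 or /128; version mismatch is simply no match.
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif name == "include":
            # include matches only when the referenced domain's own record yields pass.
            matched = check_spf(value, sender_ip, txt_lookup, depth + 1) == "pass"
        else:
            continue                    # unsupported mechanism: skipped in this demo
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                    # nothing matched and no all term present


if __name__ == "__main__":
    for dom, ip in [("example.com", "203.0.113.7"), ("example.com", "198.51.100.10"),
                    ("example.com", "192.0.2.5"), ("strict.example", "192.0.2.5")]:
        print(f"{dom} from {ip}: {check_spf(dom, ip, DNS_TXT)}")
```

For `example.com`, a message from `203.0.113.7` passes directly, one from `198.51.100.10` passes through the include, and one from `192.0.2.5` gets `softfail` because of `~all`; the same unknown sender against `strict.example` gets `fail` because that record ends in `-all`. Softfail on its own rarely blocks mail, which is why SPF is usually paired with DMARC to tell receivers what to do with failures.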
4. Phishing Simulation Training
Regular training helps employees identify and report phishing attempts.
Send Simulated Emails: IT departments can send realistic (but harmless) phishing emails to test employee awareness.
Provide Feedback & Education: After a simulation, provide feedback on who clicked links or entered information, and offer training resources.
The post Stop Phishing: A Practical Guide appeared first on Blog | G5 Cyber Security.