DO and DON’T and NEVER: Phishing Prevention Cheat Sheet
As a TotalCare client, part of your managed IT services is ongoing cyber security training for your employees. Here we’re sharing a few dos and don’ts that will keep you and your team from falling for most phishing attacks.
People are your business's top assets — and your biggest security risk. That's because cyber criminals have developed tried and true methods to trick unsuspecting employees into providing access to your network — and sometimes you won't even know it! Phishing is at the top of this list!
Phishing is an attempt to gain access by email and there are many different types of email approaches scammers use. Learn about them in our complete Email Security Guide.
DO (for Phishing Prevention)
- DO Take All Personal Info Off Public Sites. Sometimes scammers can figure out your security question answers by looking at your Facebook page. Change your security questions. They could have been captured by a previous breach.
- DO Update Computers, Phones and Other Devices as soon as updates are available. Updates often contain patches to known security holes.
- DO Avoid 3rd Party Email Productivity Apps like Edison, Cleanfox and Slice. These apps collect data from your email to sell. Though they specify that they keep the data anonymous, the data can be tied back to specific people.
- DO Look at the URL. Secure sites will have an "S" right after the http. The "S" stands for secure. Any genuine account login page or form will have an https:// URL. (Keep in mind that https only means the connection is encrypted; it does not prove who runs the site, so still check the domain name.)
- DO Use a Communication Platform, such as Microsoft Teams, to Cut Down on Your Emails. The fewer emails you have to get through, the less likely you are to get hooked by a phishing attack.
DON’T (to Prevent Phishing)
- DON'T Act Quickly. Review emails carefully. Make sure the URLs match the link text. Hover over the "from" name and any links or buttons to see where they really point.
- DON'T Verify by SMS (texting). Use an authentication app such as Google Authenticator (App Store / Play) or Microsoft Authenticator (App Store / Play).
- DON’T Download Files From Cloud Services from an Email Link. Log into those sites (e.g., Dropbox, Google Drive) and see if the file is there. If it isn’t, contact the sender to make sure it is legit.
- DON’T Click on Any Links, Reply to the Email or Call the Number Provided in the Email. Talk to the sender by using a phone number or email you already have to verify that the email is real. If you don’t have a number, visit the company website directly and find it.
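As an added illustration of the "URLs match the link text" and https checks above (example code written for this page, not TotalCare's own), here is a small Python script that scans the links in an HTML email body and flags the ones a careful reader would hover over and reject. The sample message and the domain names in it are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(value):
    """Lower-cased hostname of a URL or URL-looking text ('' if none)."""
    if "://" not in value:
        value = "http://" + value
    return urlparse(value).hostname or ""

def suspicious_links(html):
    """Apply the two cheat-sheet checks to every link: the visible text must
    not name a different domain than the real URL, and the URL must be https."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        looks_like_url = "." in text and " " not in text
        shown_host = _host(text) if looks_like_url else ""
        if shown_host and shown_host != _host(href):
            findings.append((href, text, "link text shows a different domain than the real URL"))
        elif not href.lower().startswith("https://"):
            findings.append((href, text, "not an https:// link"))
    return findings

# Constructed sample message (not a real email): one honest link, one spoofed, one plain http.
SAMPLE_EMAIL = """
<p>Your invoice is ready: <a href="https://www.example.com/billing">www.example.com</a></p>
<p>Verify now: <a href="https://login-example.attacker-placeholder.test/x">www.example.com/login</a></p>
<p>Unsubscribe: <a href="http://example.com/unsub">here</a></p>
"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"{reason}: '{text}' -> {href}")
```

The check only reads the HTML, so it can be run on a saved message before anyone clicks anything.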
NEVER! (Phishing Prevention Tips)
- NEVER Send Your Social Security Numbers, Account Logins or Credit Card Information in an Email.
- NEVER Provide Sensitive Information over the Phone To Someone Who Called You (or sent a phone number by email as mentioned earlier). Always use a known number or find a direct number on the company website.
- NEVER Download Email Attachments unless you know the sender and have verified that they sent the email.
- NEVER Download Drivers or Software Patches. Your IT team should be maintaining this for you and can apply these remotely or over a secure connection.
Lastly, know that emails aren't the only mode of attack. Attacks can also start with a phone call or text. With all of these tactics, your best defense is training your team on how to avoid falling victim. Check out our complete Phishing Prevention Guide blog.