Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
FBI’s Recommendations to Prevent Phishing Attacks
June 6, 2017
The FBI has published some pretty good advice for how to prevent phishing attacks. Let's face it. Some of those phishing e-mails are pretty darn good. The bad guys are also doing a little advanced reconnaissance to try and drive up their success rate. They'll check out social media sites to get a little more personal information about you so that you are more likely to click on a link or open an attachment. Some of the advice is common sense and pretty basic, but you probably didn't think about some of them either.
- Don't use free web-based e-mail accounts for your business. Establish your own domain and create e-mail accounts based on that domain.
- Ensure that your firewalls, virus software, and spam filters are robust and up-to-date.
- Immediately report and delete suspicious e-mails, particularly those that come from people you don't know.
- If you receive an e-mail from someone who appears to be a legitimate contact; but you are wary, make sure you "forward" it back to the sender. Do not hit "reply." That way you can manually type the known e-mail address or find it in your established contact list to confirm authenticity.
- Don't click in a moment of panic. Fraudsters often use social engineering to stress you out so you will act quickly without thinking. Check before you click.
- Consider two-factor authentication for employee e-mail. This would include something you know (such as a password) and something you have (such as dynamic/changing PIN or code.)
- Create a security system that flags e-mails with similar — but incorrect — formatting. For instance, you may regularly do business with Joe at ABC_company.com, but are you going to notice if one day the e-mail comes from Joe at ABC-company.com?
- Make sure your e-mail is encrypted in transit if you are putting sensitive information into it.
E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com