Email Security Blog

Are You Doing Enough to Phight the Phish?

♬♬ “It’s the most wonderful time of the year!” ♬♬

October marks Cybersecurity Awareness Month – a fan favorite at INKY. Why? Because it’s that special time of year when every business, employee, family, and individual is reminded to stop and think about the importance of cybersecurity…something we love doing every day.

Cybersecurity Awareness Month was originally launched in October 2004 as a joint effort by the National Cyber Security Alliance and the U.S. Department of Homeland Security to promote awareness and instil a sense of ownership in the fact that we all play a part in staying safe and secure online.

At the center of cybersecurity is our favorite topic - email phishing. This week, as part of Cybersecurity Awareness Month, we are all called to ‘Phight Phish”. Of course, it’s not as easy as it might sound. Of the $4.2 billion in losses reported in 2020 by the Internet Crime Complaint Center (IC3), email phishing threats were the #1 source of cybercrime.1

One of the reasons why these numbers are so high is because phishing emails come in many forms, including:

Sadly, the number of instances is continuing to climb as well, steadily rising from 298,728 complaints in 2016 to a whopping 791,790 in 2020.1 It’s not a problem that is just going to go away. Globally, the U.S. leads the world in terms of instances of cybercrime, with the hardest-hit states being California, Florida, Texas, New York, and Illinois.1

To help defend yourselves and others in the fight against email phishing, a number of Cybersecurity Awareness Month resources are being shared by the government’s Cybersecurity and Infrastructure Security Agency (CISA). One of these resources is a Phishing Tips Sheet. While these tips alone won’t prevent a successful phishing attack (for that you need a third-party phishing software solution) but they are great best practices. To guard against phishing, CISA’s Phishing Tips Sheet urges us all to do the following:2

Play hard to get with strangers. Links in email and online posts are often the way cybercriminals compromise your computer. If you’re unsure who an email is from—even if the details appear accurate—do not respond, and do not click on any links or attachments found in that email. Be cautious of generic greetings such as “Hello Bank Customer,” as these are often signs of phishing attempts. If you are concerned about the legitimacy of an email, call the company directly.

Think before you act. Be wary of communications that implore you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.

Protect your personal information. If people contacting you have key details from your life—your job title, multiple email addresses, full name, and more that you may have published online somewhere—they can attempt a direct spear-phishing attack on you. Cybercriminals can also use social engineering with these details to try to manipulate you into skipping normal security protocols.

Be wary of hyperlinks. Avoid clicking on hyperlinks in emails and hover over links to verify authenticity. Also, ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information.

Double your login protection. Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring.

Shake up your password protocol. According to the National Institute of Standards and Technology guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts.

Install and update anti-virus software. Make sure all of your computers, Internet of Things devices, phones, and tablets are equipped with regularly updated antivirus software, firewalls, email filters, and anti-spyware.

Raising awareness about cybersecurity is a noble endeavor. However, it would all be for nought if we didn’t take the next step forward and actually implement the very phish fighting tactics that can keep us phish-free. For businesses, that means investing in the type of technology you need to protect your company from phishing attacks.

INKY is the industry’s best solution for the security of your email. Cost-effective and powerful, INKY can be implemented quickly, regardless of whether your employees work at the office or remotely. Uniquely effective at catching phishing attacks, INKY uses computer vision, artificial intelligence (AI), and machine learning, to search for signs of fraud. It works on any device - including mobile - and places highly visible warning banners directly in the email. INKY also integrates seamlessly with any email platform.

If you’re ready to ”Do Your Part. #BeCyberSmart”, we have an easy suggestion. Take just a few moments, right now, to request and schedule a free INKY demonstration. It’s the best way to protect your company and the best cyber decision you can make in the phight against phishing.

----------------------

INKY® is the most effective hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and a finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.

1Source: https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

2Source: https://www.cisa.gov/sites/default/files/publications/Cybersecurity%20Awareness%20Month%202021%20-%20Phishing%20Tip%20Sheet.pdf

Topics: