Email phishing and email protection
Phishing attacks are one of the most common security challenges nowadays. Phishing is an attempt to acquire sensitive personal data (username, password, banking details), often for malicious reasons, by impersonating a trustworthy entity in email communication. If a phishing attack is successful, the company will not only lose money but can also suffer a loss of important data (e.g. clients’ personal details, bank account details, invoices, etc.). On the other hand, this risk can encourage the organization to take data privacy more seriously and put the necessary security measures in place in advance to avoid any potential data breaches.
Types and examples of email phishing
Traditional Email Phishing
It usually involves a mass email that goes out to thousands of individuals. The main expectation is that a few of the people who received the email will fall for the scam.
Cloned Email Phishing
This is a phishing technique in which a legitimate, previously delivered email containing an attachment or a link has been stolen. The new phishing email is based on the legitimate one, in hopes that the users will open the attachment or click on the link again.
Spear Email Phishing
This type of phishing targets specific individuals or groups. Hackers even gather personal information about their targets to increase their success rate.
Whaling Email Phishing
The targets here are usually senior executives or other high-profile managers. The content of these emails is often framed as an executive issue, a legal subpoena, or a critical business email. It could also contain a hyperlink for the user to click on to view the “important” document, which would then automatically download and install malicious software on the user’s device.
How to stay protected and avoid email phishing attacks
- To protect yourself from email phishing, it's important to be very careful with your personal information such as usernames, passwords, and any other private details.
- Avoid clicking on links or opening documents in an email you received. It is recommended that you visit the website first by typing the web address directly into your browser, or find the contact information and call the company to verify its legitimacy.
- Be extremely careful of any email or other kinds of communication with urgent requests for sensitive data such as personal or financial information, banking details, etc.
- Always keep the software of your devices up to date.
- Use a password manager with auto-fill. This way you will be able to use a different password for each account, which will increase your level of security. A password manager keeps your data encrypted and safely stored.
- Use secure websites with SSL encryption or the green security “lock” icon when you are sharing credit card or other sensitive personal data online.
- Make sure you are using secure points of entry, especially when connecting through shared Wi-Fi (neighbors, friends) or open Wi-Fi (hotels).
- Change your passwords regularly, use a VPN (virtual private network) and choose a trustworthy email provider with strong security.