
What are some techniques to mitigate the threat of phishing?

0
Glen Marshall
Principal, Grok-A-Lot, LLC
Posted on Feb. 26, 2011

I use three techniques:
1) A reliable e-mail service provider with spam filtering enabled, e.g., Google Gmail, using my own domain name. This eliminates most phishing attempts.
2) A whitelisting service that requires unknown senders to manually respond to a challenge. This eliminates most of what spam filtering does not.
3) Vigilance, i.e., I do not respond to anything that asks me to sign on to my on-line account via a link in the e-mail. This stops the few that get through the first 2 barriers.

0
tony DeAra
Job Seeker - Customer Support
Posted on Feb. 26, 2011

Watching those email links is a very important step. As a rule, I never follow a link from an email; I copy it and paste it into a new browser window, since links can be masked or redirected.

Keying in the wrong password is also a good technique to verify if the site in question is authentic.

Change passwords often, and create passwords with a combination of lowercase and uppercase letters, numbers and dashes, if acceptable.

So many things we can do. Also making sure we log out and close the browser when we are done.

0
Steve Davidson
Process/workflow consultant, Steve Davidson Consulting
Posted on Feb. 26, 2011

- Use all the usual antispam techniques: ISP filtering, application filtering, MUA filtering, etc.
- Do not open any email where the subject line is generic, or contains only information available publicly. This eliminates something like 99% of everything which slips past the purely algorithmic and Bayesian filters.
- Do not click on any links in an email. Ever. If possible, set your email to make links non-clickable altogether.
- Do not cut and paste any links from an email into a browser unless you know for a hundred percent certain that the domain does not allow third parties to upload content. If it's a social media site, a forum site, a journaling site, or anything which lets the general public contribute, it's entirely possible that someone has uploaded something nasty into some small corner somewhere. Always approach such sites using only the main page or your normal login procedures / profile page etc.
- If you don't recognise a site purely from the domain name, or don't know the person who sent you the email, or the email seems uncharacteristic for the person it's purporting to come from, do some basic research first. Google can usually tell you if a particular site name is linked with spam, phishing, or other dirty tricks. It can also give you a rundown on how long the site has been in existence (less than eight weeks is a red flag), let you see a cached copy of it, and in short present a lot of information before you visit.
- A non-computer (technically) example of phishing/scamming: Don't blindly follow the instructions of anyone calling up claiming that your computer has problems and they can tell you how to fix it. Particularly when it's obvious they're reading off a script, there are fifty other voices murmuring the same thing in the background, and they have the English skills of a dead lemming.
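
The answers above warn that email links can be masked and suggest making links non-clickable. The following is an added example, not code from any of the posters: it flags links whose visible text names one host while the `href` points to another, and renders the message as plain text with each real destination written in non-clickable form. The sample message and all host names are constructed, and the mismatch test is a heuristic, not a complete phishing detector.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches visible text that looks like a hostname or URL, e.g. "www.example.test/login".
URLISH = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def norm_host(value):
    """Lower-case hostname of a URL or bare host, without a leading 'www.'."""
    url = value if "://" in value else "//" + value
    return (urlsplit(url).hostname or "").lower().removeprefix("www.")

def defang(url):
    """Rewrite a URL so that a mail client will not turn it back into a link."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.plain = [], []      # (text, href) pairs; plain-text pieces
        self._href, self._text = None, []    # state while inside an <a> element

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        (self.plain if self._href is None else self._text).append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            self.links.append((text, self._href))
            self.plain.append(f"{text} [goes to: {defang(self._href)}]")
            self._href = None

def audit(html_body):
    """Return (plain text with defanged destinations, list of (shown, real) host mismatches)."""
    parser = LinkAudit()
    parser.feed(html_body)
    parser.close()
    mismatches = []
    for text, href in parser.links:
        shown = URLISH.search(text)
        if not shown:
            continue  # link text is not URL-like ("click here"), nothing to compare
        shown_host, real_host = norm_host(shown.group(1)), norm_host(href)
        if real_host != shown_host and not real_host.endswith("." + shown_host):
            mismatches.append((shown_host, real_host))
    return "".join(parser.plain), mismatches

# Constructed sample message body; hosts use reserved test names and addresses.
SAMPLE = ('<p>Verify at <a href="http://203.0.113.7/signin">https://www.example-bank.test/login</a>'
          ' or read the <a href="https://help.example-bank.test/faq">FAQ</a>.</p>')
```

Link text that is not URL-like is not compared, so the plain-text rendering with the real destination remains the main safeguard for those links.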
