Phishing prevention is difficult because attacks are common and constantly change form. A multi-pronged approach usually works best for addressing this threat.

Use Spam Filtering

Use spam filtering, which may include using a third-party service or enabling features already available from your email service.

Avoid Publishing Your Email Address Online

To prevent attackers from automatically scraping your website for email addresses, avoid the publication of email addresses on your website. Instead, require the use of phone calls, or use a web form that forwards the email to the appropriate party.

Limit Email Formats

Limit the format of emails to what’s needed – this may mean allowing only plaintext emails, or removing HTML links.

Enable the Right Tools

Enable and require SPF, DKIM, and DMARC on your organization’s mail servers.

Secondary Verification

Consider implementing a secondary verification on emails sent and received on the client side – for example, PGP or GPG.

Use Multi-Factor Authentication

Wherever possible, use Multi-Factor Authentication (MFA) to protect user accounts. This prevents attackers from using credentials stolen through phishing.

Implement a Domain Monitoring Service

Consider implementing a domain monitoring service or program to mitigate the risk of attackers sending emails from similar-looking domains.
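The script below is an added example (not from the article) of the kind of check a domain monitoring program performs on inbound mail: it folds common look-alike substitutions (digit-for-letter swaps, "rn" for "m", accented or non-ASCII letters) and measures edit distance between each sender domain and the organization's own domain. The protected domain and the sender list are constructed placeholders; the confusable table is deliberately small and assumes a two-label registrable domain, so treat both as starting points rather than a complete implementation.

```python
"""Flag sender domains that resemble the organization's own domain.

Added example, not from the article. example.test and the sender list
are constructed; the confusable table is illustrative, not exhaustive.
"""
import unicodedata
from typing import List, Tuple

# Single characters commonly substituted for visually similar letters.
SINGLE_CHAR_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})
# Two-letter pairs that read as a single letter at a glance.
PAIR_CONFUSABLES = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def normalize(domain: str) -> str:
    """Lower-case, strip accents/non-ASCII, and collapse confusable characters.

    Assumption: IDNA/punycode ("xn--") labels are decoded before calling this.
    """
    folded = unicodedata.normalize("NFKD", domain).encode("ascii", "ignore").decode().lower()
    for pair, single in PAIR_CONFUSABLES:
        folded = folded.replace(pair, single)
    return folded.translate(SINGLE_CHAR_CONFUSABLES)


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Keep the last two labels. Assumption: a single-label public suffix."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def classify_sender(sender_domain: str, protected_domain: str, max_distance: int = 2) -> Tuple[str, int]:
    """Return (category, distance) where category is one of
    own, subdomain, lookalike, suspicious, unrelated."""
    sender = sender_domain.lower().strip(".")
    protected = protected_domain.lower().strip(".")
    if sender == protected:
        return ("own", 0)
    if sender.endswith("." + protected):
        return ("subdomain", 0)
    distance = levenshtein(normalize(registrable(sender)), normalize(registrable(protected)))
    if distance == 0:
        return ("lookalike", 0)        # differs only by confusable characters
    if distance <= max_distance:
        return ("suspicious", distance)  # typo-distance from the real domain
    return ("unrelated", distance)


def scan_senders(senders: List[str], protected_domain: str) -> List[Tuple[str, str, int]]:
    """Return (sender, category, distance) for every sender that is not own/unrelated."""
    flagged = []
    for sender in senders:
        category, distance = classify_sender(sender, protected_domain)
        if category in ("lookalike", "suspicious"):
            flagged.append((sender, category, distance))
    return flagged


# Constructed sample senders seen in inbound mail headers.
SAMPLE_SENDERS = [
    "example.test", "mail.example.test", "examp1e.test",
    "exarnple.test", "exampel.test", "github.test",
]

if __name__ == "__main__":
    for row in scan_senders(SAMPLE_SENDERS, "example.test"):
        print(row)
```

Run this over the From: and Return-Path domains of inbound mail (or over new registrations from a certificate-transparency or domain-watch feed) and route "lookalike" hits to quarantine and "suspicious" hits to review; raising max_distance catches more typos at the cost of more false positives on short domains.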

Educate Your Workers

Educate your users on how to recognize a phishing email, and emphasize that IT support will never ask them for their password.

