Skip to main content This browser is no longer supported. Show
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. How to protect against phishing attacks
In this articlePhishing attacks attempt to steal sensitive information through emails, websites, text messages, or other forms of electronic communication. They try to look like official communication from legitimate companies or individuals. Cybercriminals often attempt to steal usernames, passwords, credit card details, bank account information, or other credentials. They use stolen information for malicious purposes, such as hacking, identity theft, or stealing money directly from bank accounts and credit cards. The information can also be sold in cybercriminal underground markets. Social engineering attacks are designed to take advantage of a user's possible lapse in decision-making. Be aware and never provide sensitive or personal information through email or unknown websites, or over the phone. Remember, phishing emails are designed to appear legitimate. Learn the signs of a phishing scamThe best protection is awareness and education. Don't open attachments or links in unsolicited emails, even if the emails came from a recognized source. If the email is unexpected, be wary about opening the attachment and verify the URL. Enterprises should educate and train their employees to be wary of any communication that requests personal or financial information. They should also instruct employees to report the threat to the company's security operations team immediately. Here are several telltale signs of a phishing scam:
If in doubt, contact the business by known channels to verify if any suspicious emails are in fact legitimate. Software solutions for organizations
What to do if you've been a victim of a phishing scamIf you feel you've been a victim of a phishing attack:
Reporting spam
If you're on a suspicious website
More information about phishing attacks
FeedbackSubmit and view feedback for Additional resourcesAdditional resourcesIn this articleWhich term refers to the step between the account having access and the account being removed from the system?Which term refers to the step between the account having access and the account being removed from the system? Account disablement.
What is a paradox of social engineering attacks?A paradox of social engineering attacks is that people are not only the biggest problem and security risk, but also the best tool to defend against these attacks.
Which of the following attacks is considered easy allowing threat actors to access user data and read through passwords and PINs and why is it considered so?Which of the following attacks is considered easy, allowing threat actors to access user data and read through passwords and PINs, and why is it considered so? A WLAN consumer attack, because many users fail to properly configure security on their home WLANs.
Which program is a hashing algorithm?Some common hashing algorithms include MD5, SHA-1, SHA-2, NTLM, and LANMAN. MD5: This is the fifth version of the Message Digest algorithm. MD5 creates 128-bit outputs. MD5 was a very commonly used hashing algorithm.
|