Phishing Prevention Tips
Phishing is difficult to prevent because the techniques change constantly and the attacks are so common. A multi-pronged approach usually works best for addressing this threat.
Use Spam Filtering
Use spam filtering, which may include using a third-party service or enabling features already available from your email service.
Avoid Publishing Your Email Address Online
To prevent attackers from automatically scraping your website for email addresses, avoid publishing email addresses on it. Instead, direct people to contact you by phone, or use a web form that forwards the message to the appropriate party.
Limit Email Formats
Limit the format of emails to what’s needed – this may mean allowing only plaintext emails, or removing HTML links.
Enable the Right Tools
Enable and require SPF, DKIM, and DMARC on your organization’s mail servers.
Secondary Verification
Consider implementing secondary verification of emails sent and received on the client side – for example, PGP or GPG.
Use Multi-Factor Authentication
Wherever possible, use multi-factor authentication (MFA) to protect user accounts. This prevents attackers from using stolen credentials gained through phishing.
Implement a Domain Monitoring Service
Consider implementing a domain monitoring service or program to mitigate the risk of attackers sending emails from similar-looking domains.
Educate Your Workers
Educate your users on how to recognize a phishing email, and emphasize that IT support will never ask them for their password.
Protect Your Organization
Can Sedara help you with phishing prevention? Contact us for more information.