Everyone gets a suspicious email from time to time. Maybe it asks for personal or account information. Maybe it directs you to a legitimate-seeming website, and there you’re asked to fill in details about yourself. Perhaps, it’s a generic request or it may seem to come from someone specific, like your boss.
No matter the form, these phishing scams have common characteristics: someone wants your information or for you to take action and they don’t have your best interests in mind. The scammers could be looking to loot your bank accounts or set you up for identity theft. Perhaps, they are trying to gather intel for blackmail or to make a political point.
According to news and statistics, phishers can be successful. They’ve infected big retailers with malware, gotten funds transferred from companies to bogus accounts, and infiltrated government networks. More than 9 in 10 computer users fail to identify phishing emails in a test, according to surveys.
So, what can be done to prevent phishing and how can a cloud solution help?
Well, phishing depends on compliance by your or another victim. The solution, then, is simple: don’t comply. Specifically, you should:
- Be wary of every email and website;
- Verify links before clicking on them;
- Don’t provide financial or personal information by email; and
- Finally, alert those in charge of email and websites of suspicious activity.
From this list, it’s possible to see how a cloud solution can help. A cloud-based email solution, for example, can identify and thereby help defang malware by blocking access to malicious files and by scanning incoming email. It also can provide a means for the two-way communication needed to alert you and others of phishing attempts. The information gathered also helps tune the software’s response and improve the protection against phishing.
Scams have been getting more sophisticated. Spear phishing attacks, for instance, use highly specific information, such as an email address from a CEO, and target a very narrow group of victims, such as a branch at a foreign office.
While, in theory, user training and education can help prevent nearly all types of phishing attacks, many attacks still succeed because people are human, after all. They are in a hurry and click on a link without thinking. Perhaps, they panic because the request appears to come from legitimate source, has an immediate deadline, and carries with it a threat of significant consequences.
Therefore, a comprehensive anti-phishing solution should also be included with your cloud technology. Scamming techniques are constantly evolving. For instance, newer variations scoop up information from social media and insert that into a phishing request, with the intention of making it seem genuine. To counter that, you need a solution that is adaptable and also incorporates the information generated by the experiences of many users. Putting the power of the cloud to work helps ensure that this happens in an automated fashion. In this way, it complements and enhances user training.