Phishing awareness educates candidates/employees on how to identify and report suspected phishing attempts, to protect themselves and the company from cyberattacks, hacking and others who want to steal data from your organization. It is impossible to prevent phishing technically hence phishing awareness comes into picture. Awareness can be of different forms. We all need to work on how we can educate employees to at least reduce the risk.

Most common types of phishing include generalized phishing, spear phishing, voice phishing and in person phishing. Generalized phishing often involves email or text asking for some kind of confidential details posing as some popular companies. Spear phishing is advanced and dangerous. It involves personal information which readily/publicly available. Hackers use this data for phishing purpose. Voice phishing, as the name clearly indicates uses professional voice as an asset to try phishing. They use authentic sounding voices of real people. In person phishing includes typically the way of talking where the hacker/bad actor tries to retrieve confidential data from the person by making a good start of communication. We all should always be alert from strangers while sharing confidential details which can include passwords, pin, identity numbers etc.

It is necessary that we all are aware of these kinds of phishing attacks and be alert for the same and protect ourselves!

Employees should be trained for these phishing attacks before it happens and we loose data.

1. Employees should be given training programs and sessions for education. There are platforms which gives us a real time phishing experience and help company understand how employees react to phishing emails. Our company too has a phishing tool which is typically designed for phishing awareness.
2. Continuous training is yet another approach. Company must maintain phishing awareness training programs over a period of time. Employees should co operate for the same.
3. Identifying high risk employees is quite important. Every company has 2 types of high risk employees – Employees who fail to recognize a risk/threat and employees who are prone to have attractive deals

Four common ways to avoid phishing attacks include:

• Protect your system by using latest security softwares
• Update your mobile by setting software to update automatically
• Protect your accounts by using MFAs
• Backup your data

If you come across an email or text which is weird

1. Don’t open
2. Delete it immediately to prevent yourself from accidentally opening the message in the future.
3. Do not download attachments which is attached to the message.
4. Never click links which are suspicious

Five ways to detect phishing emails :

• · Urgent action demand request from strangers
• · Poor grammar and spelling errors in the attachment
• · An unfamiliar greeting which is weird
• · If a person requests for login credentials, payment information or sensitive data.
• · Offers that are too good to be true.
• · Suspicious or unsolicited files/attachments
• · Inconsistent email address

Some red flags of Phishing attacks :

1. Urgent/threatening language
2. Sensitive information request
3. Any offer which is too good and not possible
4. Unexpected emails
5. Unprofessional design
6. Suspicious attachment
7. Incorrect but similar email address