By now, you've all heard that you should be careful about clicking on suspicious links in an email. However, phishing occurs in almost every way we use technology. You can be phished via text message, a post on social media, or even through a phone call or snail mail.
Your best defenses against phishing are:
- The number one thing you can do is use strong authentication: Using multifactor authentication (MFA) is a critical defense against credential loss. Your absolute best defense is using MFA with a passkey and/or security key, and then coupling it with additional protections like Google’s Advanced Protection Program or Microsoft’s Account Guard.
- Suspicion: Phishing uses a psychological approach to get us to do things. Having your antennae up and a healthy dose of suspicion as things come to you online is an excellent form of prevention.
- Don’t be afraid to trust your instincts. If you get that feeling that something isn’t 100% above board, trust your judgment and act accordingly. One approach is: when in doubt, throw it out!
- Preview mode: Because attachments can be a method of malware distribution, practice extreme caution when opening anything in email. In Gmail, when you open a document in preview mode, malware cannot be activated.
- Trust but verify: Got a request for immediate action from a boss or colleague? Double-check personally with them if you have any suspicions. Got a request from outside the campaign that seems “off”? Call the person, organization, or company directly, or type the web address into your browser yourself to ensure you are going to a legitimate site.
If you click on something that you think might be a phishing link or open a document that makes you suspicious, report it immediately to someone in the campaign or organization. It is very important to know right away if a potential cyber incident has occurred.