What are the best ways to minimize exposure to phishing attacks?

By Stephanie Ihezukwu, LinkedIn Learning instructor

In Brief: Minimizing your exposure to potential phishing attacks requires consistency across four key areas: (1) Hover over links before clicking on them. (2) Regularly update your device. (3) Use strong, unique passwords. (4) Utilize malware technology tools and software.

Nearly three-quarters of U.S. organizations were victims of successful phishing attacks in 2020, and the numbers continue to hover at that level. Knowledge is power, and the best defense against phishing attacks is education. You need to be able to identify these attacks and be prepared with tools to limit any negative effects. Here’s how to be sure you and your organization are minimizing your exposure to phishing efforts.

Hover over links before clicking on them

In most interfaces you'll be working with, you can hover over hypertext and see which website it is set to take you to. Hypertext is text, usually underlined, that is linked to a specific web page.

The tricky thing about hypertext is that the text doesn't have to match the link attached to it. For instance, I could make a hyperlink where the text reads "Free iPhone" and the link takes you to my newsletter sign-up page. In the same way sneaky marketers use hyperlinks to take you to their sign-up pages, cybercriminals can use hyperlinks to harvest your credentials or download something malicious onto your machine.

Hovering over the link helps you look at where you're going. If the link doesn't match anything in the message the link came in or if it just seems like a red flag, don't click. One thing I do when it comes to messages about payment or needing to log in somewhere is to manually visit the login page and forgo clicking on any links in the message.

Regularly update your device

One security best practice is to make sure you're regularly updating your devices. A lot of updates include security patches, so updating regularly protects your device from known and resolved security vulnerabilities. Consistent updates can help cut down on a lot of damage that malware from phishing attacks can cause.

If you didn't know, there are security researchers who work around the clock to find different ways that a system can be exploited, but not for nefarious purposes. When they find something, they report it, giving the owners a chance to fix the issue and update their software. The annoying update alert you get will most likely be the result of that finding. So don't delay, update today.

Use software and other tech to combat email phishing

There are lots of ways we can use technology to defend ourselves against phishing attacks, and it can be a bit overwhelming. Take stock of what kinds of attacks you see regularly, and use technology that is relevant to you.

  • Email phishing: There are tons of technology solutions that can be leveraged. If you're not sure if an email has malware in it, or has been previously linked to phishing attacks, using websites like VirusTotal or Hybrid Analysis can be really useful.
  • VirusTotal is a website where you can upload a copy of the email or its hash and VirusTotal will scan it. It uses over 70 antivirus scanners and URL block listing services to check whether an item is malicious or not. Anything you upload to this website gets shared with the VirusTotal community, though, so be careful not to upload any sensitive information.
  • Hybrid Analysis does a little bit of the same thing. The major difference is that Hybrid Analysis also makes use of a sandbox environment. Sandboxes are testing environments that allow someone to open a suspicious file or untrusted program without the risk of harming their system. Think of it like a friend getting into a body of water before you. They dip their toe in to see if the water's too cold, and when they submerge themselves, they reassure you by telling you, "Come on in, the water's fine." In that same way, a sandbox will test the email to make sure it isn't a phish.
  • An email gateway scans incoming and outgoing emails for malware and other things. It prevents any attacks from coming into your email inbox or leaving from your email address.
  • Spam or junk filters are another technology that is used mostly without our involvement. If you've ever searched your junk or spam folder looking for a legitimate email, you've probably seen a bunch of spam or phishing emails in there that never made it to your inbox. That's because a spam or junk filter took care of it ahead of time using a scoring system to classify the email as spam or phishing.
  • URL wrapping is another popular technology used to defend against phishing attacks. URL wrapping is exactly what it sounds like: wrapping a URL in another URL. You may have used this before to shorten longer URLs, but it can also be used defensively by applications that combat phishing attacks. Depending on the software doing the wrapping, a link will be opened in a sandbox and scanned before taking you to the original destination.
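On the VirusTotal point above, searching by hash avoids sharing the message itself. This added example (not from the article) computes the SHA-256 of each attachment in a saved email locally, so the hash can be pasted into a lookup instead of uploading the file. The sample message, addresses and function names are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

def build_sample():
    """Constructed sample message: a text body plus one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "billing@example.net"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please review the attached invoice.")
    msg.add_attachment(
        b"constructed attachment bytes",
        maintype="application",
        subtype="octet-stream",
        filename="invoice.bin",
    )
    return msg.as_bytes()

def attachment_hashes(raw_email):
    """Return (filename, size in bytes, SHA-256 hex digest) for each attachment."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        # decode=True undoes the base64 / quoted-printable transfer encoding,
        # so the digest is that of the file as it would be saved to disk.
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        results.append((name, len(payload), hashlib.sha256(payload).hexdigest()))
    return results

if __name__ == "__main__":
    for name, size, digest in attachment_hashes(build_sample()):
        print(f"{name}  {size} bytes  sha256={digest}")
```

To use it on a real message, read the saved `.eml` file in binary mode and pass the bytes to `attachment_hashes`.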

About the author

Stephanie Ihezukwu is an information security analyst who writes and speaks about cybersecurity. Stephanie has been working in the tech industry since 2013. She has worked in web hosting and server management, on the frontlines of a help desk, and as a security engineer and analyst. Her passion for cybersecurity has led her to become a delegate for Security Field Day 2, a lead for the WISP DEFCON Scholars, chapter lead for WoSEC Houston, and cohost of a weekly podcast, Coolest Nerds in the Room.
