Phishing attacks are becoming increasingly sophisticated, making it essential for us all to be aware and proactive in protecting our online accounts and information. To help you stay safe in the future, here are some essential tips on how to avoid falling victim to phishing scams:
What is Phishing?
Phishing is a cyberattack technique used by malicious individuals to trick you into revealing sensitive information, such as usernames, passwords, credit card details, or personal information. Typically, it involves sending deceptive emails or messages that appear to come from a legitimate source, such as a bank, government agency, or even a colleague, but are actually designed to steal your information or infect your device with malware.
Recognizing Phishing Attempts
Recognizing phishing attempts is the first step in protecting yourself:
- Check the sender's email address: Examine the sender's email address closely. Phishers often use misspelled domains or suspicious variations of legitimate addresses.
- Look for urgent language: Phishing emails often create a sense of urgency, pressuring you to act quickly. Be cautious if you're asked to provide personal information urgently.
- Check for spelling and grammar errors: Phishing emails often contain noticeable language errors or awkward phrasing.
- Hover over links: Before clicking on any links, hover your cursor over them to see the actual web address they lead to. Ensure it matches the legitimate website.
- Beware of email attachments: Never open attachments from unknown or unverified sources. Malware can be hidden in these files.
How to Avoid Falling for Phishing Scams
Protect yourself from phishing attacks with these strategies:
- Verify the sender: If you receive an unexpected email requesting personal information, contact the sender through a known, trusted channel to verify the request's legitimacy.
- Use Two-Factor Authentication (2FA): Enable 2FA whenever possible, especially on your email account. This adds an extra layer of security to your accounts.
- Keep your software updated: Ensure your operating system, antivirus, and all software are up to date. Updates often include security patches.
- Educate yourself: Stay informed about the latest phishing techniques and scams. Education is a powerful defense.
- Use a reliable antivirus program: Invest in a reputable antivirus program to help detect and block phishing attempts and malware.
Reporting Phishing Incidents
If you suspect a phishing attempt or have fallen victim to one, please take these steps:
- Do not respond to the email: Avoid clicking on any links or providing personal information.
- Report it: Forward the suspicious email to your IT department or Peek's partner support and fraud team for further investigation.
- Change your passwords: If you've entered your login credentials on a phishing page, change your password immediately.
- Monitor your accounts: Regularly review your financial and personal accounts for unusual activity.
Phishing attacks are a persistent threat in the digital world, but with awareness and vigilance, you can protect yourself and your customers' sensitive information. Remember to stay cautious, verify the sender's identity, and report any suspicious incidents promptly. Together, we can maintain a secure partnership with Peek.
If you’re concerned about your login information, please reset your password to a unique password (or use a password manager), and encourage all your employees to reset theirs as well. This is the easiest way to secure your account if someone has your credentials.
We take the security of our partnerships seriously, and we encourage you to remain vigilant against such threats. If you ever come across a suspicious website or email related to our services, please report it to our partner support team immediately at Support@Peek.com.
Advanced Phishing and Malware Protection with Google
You can protect incoming mail against phishing and harmful software (malware). You can also choose what action to take based on the type of threat detected. For example, you might choose to move suspicious content to your Spam folder, or choose to leave it in your inbox with a warning. All the security settings can be tailored for different users and teams using organizational units.
By default, Gmail displays warnings, and moves untrustworthy emails to the spam folder. Using the settings in this article helps you identify additional unwanted or harmful emails.
Note: If you use these advanced phishing and malware settings and dynamic Gmail for your organization, learn how compliance rules are applied to dynamic messages.
Advanced security settings
- Attachments—Protection against suspicious attachments and scripts from untrusted senders. Includes protection against attachment types that are uncommon for your domain—these can be used to spread malware.
- Links and external images—Identify links behind short URLs, scan linked images for malicious content, and display a warning when you click links to untrusted domains.
- Spoofing and authentication—Protection against spoofing a domain name, employee names, email pretending to be from your domain, and unauthenticated email from any domain. Unauthenticated emails display a question mark next to the sender’s name. Spoofing protection can be turned on for private groups, or for all groups.
With advanced settings, you can:
- Automatically turn on and apply future recommended settings. This ensures maximum protection for email and attachments for your domain.
- Provide the strongest level of protection for a domain or organizational unit by turning on all security options.
- Customize security settings by checking only the options you want to turn on. Unchecking all options turns off all advanced security settings for the domain or organizational unit.
- Specify an action for each security option you turn on. If you don’t select an action, the default action is applied to the security option.
Important to note:
- Other spam settings—These advanced security features work independently of other spam settings you might have previously turned on. For example, even if you've listed a domain as a safe sender in spam settings, the enhanced security features are still applied.
- Quarantine action—When you select Quarantine for any of the advanced security settings, the quarantine you select applies only to incoming messages. This is true even when the quarantine you select specifies actions to take on outgoing messages. Allowlist settings don't override the Quarantine option.
- Warning banners—Warning banners (yellow box) appear only in Gmail web. Third-party apps do not display a warning banner.
How selected actions impact users
This table shows actions that you, as the administrator, can select for each advanced security setting, and the impact to users of each action.
Action | Impact to user |
---|---|
Warning | Messages are delivered to the user's inbox. The user sees a warning banner about the message. Users can open and read the message with this option. See: |
Move email to spam | Messages are delivered to the user's spam folder. Users can go to the spam folder and open and review spam messages. Users can mark messages as "not spam" if applicable. Users don't see banners with this action. |
Quarantine | When this action is selected, users don't see anything. Messages are sent to the admin quarantine, where the admin reviews them to determine whether they are safe and can then "Allow" a message to be delivered to the user's inbox. Users don't see banners with this action. |
Prevent Phishing Attacks on Your Gmail Users
As an admin, you can help your users avoid phishing attacks by deploying the Password Alert extension to the users of your domain. Password Alert detects when users enter their Google password into any website other than the Google sign-in page, accounts.google.com.
In addition to the default features of the Chrome extension, administrators can deploy the Password Alert Server to enable password alert auditing, send email alerts, and force end-users to change their Google password if entered into a non-trusted web site.
To deploy the Password Alert extension and server for a Google Cloud domain you manage, refer to the Password Alert Deployment Guide. The Deployment Guide describes the following critical steps required for a successful deployment of Password Alert:
- Configuring and deploying the Password Alert Server hosted on the Google App Engine application
- Configuring and deploying the Password Alert Chrome extension and policies
- Using the Password Alert Administrator interface
- Deploying Password Alert best practices
For more information, please see Google's guide, Prevent phishing attacks on your users.