Phishing email scams have plagued the internet since its inception. Almost everyone has heard of the “wealthy Nigerian prince trying to send his diamonds to America” or the “free trip to the Bahamas, just send us your bank account number to confirm” types of grifts. Unfortunately, hundreds of people still fall for these types of cons every year, both on personal and company email accounts. It’s time for organizations to start investing in phishing protection.
While early phishing scams featured campy stories, too-good-to-be-true offers or even fear mongering, today’s phishing scams are much more sinister. Modern hackers can create clones of notable websites, especially of those that have connected login information. Then, using those false websites, the phisher will send an email claiming to be from the site and asking the receiver to update their password. Although Verizon reports that only 4% of people will click on any given phishing trap, studies have shown that someone who has fallen victim to one in the past is likely to again.
Often, these emails will have links to the phony site and can do a number of things, including key logging a person’s password or even downloading malware and other viruses onto their systems. This tactic can be seen especially in emails claiming to be Google G Suite™ account password resets. The results can be catastrophic, as seen in the 2016 presidential election with Hillary Clinton’s campaign advisor, John Podesta.
Steps of Phishing Protection
Strong internet safety training can help implement phishing protection in an organization. Being sure to double check all incoming emails (and subsequently email links) is an easy, yet effective first line of phishing protection. Additionally, leveraging browser plug-ins that only allow secured urls, such as HTTPS Everywhere, can protect users from link-based attacks. Another great tool that generally protects identities is multi-factor authentication (MFA). Using MFA adds another step for hackers to break past, requiring a time-sensitive code sent to a smartphone app to log in to an account.
Luckily, JumpCloud® Directory-as-a-Service® can aid any organization with phishing protection. A new generation of cloud directory services, JumpCloud is designed with cyber security in mind. Directory-as-a-Service’s System App features an on-device password management tool, meaning end users no longer have to worry about emails for password resets. This makes it much easier to deny phishing attempts. It also automatically notifies users to update their passwords, taking that burden off IT admins. On top of that, admins that leverage JumpCloud can utilize its MFA feature, which then federates to all of a user’s accounts associated with their JumpCloud account.
To learn more about how you can leverage JumpCloud for phishing protection in your organization, feel free to contact us with questions or concerns. You can also schedule a Directory-as-a-Service demo to see the platform in action. If JumpCloud seems like the right solution for you, try Directory-as-a-Service today. Signing up is free, and so are your first ten users.