Essentially an attacker puts out bait (fake messages) to catch fish – in this case, unsuspecting computer users. The attacker tries to trick people into sharing personal information or login credentials, or any information that could later be used against them in future attacks.
Follow the steps below to protect yourself and your business against phishing.
1. Turn on 2-Step Verification
2-Step Verification (also known as two-factor authentication) adds an extra layer of security to your account. With 2FA enabled you’ll sign in to your account in two steps with:
- Something you know (your password)
- Something you have (your phone or a security key).
Even if your password is compromised, access to your account is still protected by the secondary layer.
Get started with 2-Step authentication on your account.
2. Activate DKIM
DomainKeys Identified Mail (DKIM) is an email authentication method designed to prevent forged sender addresses in emails, a technique often used in phishing and email spam.
By enabling DKIM on your mail server it becomes much harder for an attacker to forge your email address and fool your clients or team members into thinking they are communicating with you. DKIM provides a means for email servers to verify that email was sent by you (and was not tampered with); it does this by using private and public encryption keys in much the same way online credit card transactions are secured.
DKIM requires an update to your domain’s DNS and to your G Suite server settings. If you are a G Suite subscriber, we will take care of implementation for you.
3. Report suspicious email
When Google identifies a suspicious email a warning message and option to move the email to the spam folder is displayed. You have full control over this process and can mark or unmark emails as phishing attempts.
4. Professional security audit on your domain
It’s critical to identify your organization’s unique risks in order to effectively optimize the security of your Google Workspace deployment. We help our clients with a free high-level security audit to ensure best practices are followed and your Workspace deployment is safe from unnecessary and preventable security risks.