Defending Against Phishing

Warning Signs

• Unfamiliar sender
• Suspicious links
• Unjustified urgency
• Obvious language mistakes

Technical Controls

• SPF / DKIM / DMARC to protect outbound email.
• Email filtering gateway.
• Disable Office macros by default.
• Enforce MFA on all sensitive accounts.

Policies

• No one ever asks for a password by email.
• Voice verification for large financial transfers.

Continuous Training

Run simulated phishing campaigns each quarter.

A security culture beats any single tool.