October 1st marks the beginning of the 18th annual Cybersecurity Awareness Month. Once again, the Federal Cybersecurity Information Security Officer (CISO) Council is proud to reinforce its commitment to safe and secure online behavior. Remote work continues to be the ‘new normal’, and cybercriminals are ramping up their focus on this expanded attack surface. Phishing attacks have been on the rise for decades and cybercriminals seek to take advantage of weary workers. This method of attack continues to be one of the most dangerous threats to an organization because it is the easiest way to deliver malicious or weaponized payloads.
An organization’s first line of defense against phishing is training and awareness. A cycle of train, exercise, assess, and re-train is the best way to improve the workforce’s ability to identify, understand, and prevent phishing attacks. With that in mind, here are a few tips to Fight the Phish!
Spear Phishing targets specific users by researching personal and publicly available information.
Secure personal information online by setting social media accounts to private.
Recall if you have received similar communication from the sender in the past.
Whale Phishing targets executives and other high-profile users. Social-engineering tactics trick users into initiating financial transactions or divulging sensitive information.
Check privacy settings on social media and be careful what is shared.
Vigilance is important since these attacks are harder to detect. They rely on social engineering to trick targeted users and do not always contain a malicious file or link.
Deceptive Phishing disguises itself as a credible sender and imitates a legitimate source to steal personal data.
Inspect URLs to identify redirection to unknown or suspicious websites.
Review sender’s email address for unfamiliar, misspelled ..