Longwood Community,
As you learned last week during the social engineering overview, you are more vulnerable to a cyberattack than you might think. This week, we’ll give you an overview of a common channel cyber attackers use to scheme their way into collecting sensitive data: email. Have you carefully checked your email inbox lately? There could be a social engineering attack lurking in there now. As you likely know from your Securing the Human training, it’s called a phish.
Phishing is a common attack that uses email or a messaging service to trick you into taking an action you shouldn’t take, such as:
- clicking on a malicious link
- sharing your password
- or opening an infected email attachment.
Attackers work hard to make these messages convincing and tap your emotional triggers, such as creating a sense of urgency or piquing your curiosity. Attackers can manipulate these messages to make them look like they came from someone or something you know, such as a friend or a trusted company.
They can also use software to help them do it—those of you who were here may remember the Trickbot attack in May. That attack “scraped” emails to make them appear to be from a colleague.
Attackers may even add logos of your bank or forge the “from” email address, giving the message a more legitimate appearance. Attackers then send these messages to millions of people, hoping to lure as many people as possible. They do not know who will take the bait, all they know is the more they send, the more people will fall victim. This week, we will share some tips on how not to get phished, both at home and at work.
To keep this important topic top of mind, we have included an email and phishing factsheet and a phishing audiocast that feature call-outs on how to spot a phishing email. They also outline actions you can take if you get a suspicious email.
Remember: If you have any additional questions about further protecting your email from a phishing attack or suggestions about how to improve our cyber security efforts, please contact Information Security, who is responsible for our security awareness program and will be happy to hear from you.
Best,
The Information Security Team