Phishing Awareness Survival Guide


October 5, 2023

October marks the 20th annual Cybersecurity Awareness Month (CAM), which raises awareness of the importance of cybersecurity in America, ensuring everyone is prepared with the tools and resources they need to be safe and secure online. CAM is a collaborative effort led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance and is dedicated to empowering the public to be resilient against cyber threats and attacks. Since 2004, the impact of CAM has continued to expand, reaching consumers, corporations, and institutions across the nation.

People are the first line of defense in securing information, networks, servers, devices, accounts, databases, files, and more against cyberattacks. As fearless internet explorers surviving in the tech age, everyone must stay vigilant and focused when traveling in the digital realm to keep threat actors out of accounts and networks. Identifying and reporting suspicious activity can reduce the impact and likelihood of cyberattacks. Practicing the following simple behavior and other cybersecurity basics can make a significant difference in helping to protect data from digital forms of crime. Be prepared to stay secure in cyberspace no matter who or where you are!

Phishing attacks can lead to account compromises and malware infections, including ransomware. Users can reduce their likelihood of falling victim to phishing attacks by understanding common red flags and tactics.

Threat actors employ a variety of tactics in social engineering schemes to convince users to divulge sensitive information, click malicious links, or open malicious attachments contained in phishing emails. Conveying a sense of urgency is one of the most commonly used and highly effective tactics in these schemes because the targeted user may be less likely to scrutinize the email if they act quickly on the request. In addition, threat actors may convey a sense of authority or legitimacy by impersonating known entities, organizations, or individuals and making the phishing email appear to be part of an existing communication chain.

Phishing emails often contain links or attachments that, if clicked or opened, install malware or direct users to spoofed websites to steal users’ account credentials or information for financial theft and fraud. Confirming the email’s legitimacy via a separate means of communication and navigating directly to authentic and verified websites is essential. If an email seems suspicious, report it to your organization and the NJCCIC.

For any further questions, contact us here at Cyber Command.