On any given day, you will likely read an article about a new strain of ransomware, a new trojan, a data breach being announced, or actions carried out by nation-state attackers. These topics are used in bold titles, commanding your attention. While these articles are informative, they typically answer the question of “what” and skip the question of “how”. In many cases, phishing is the answer to the “how” question.
Ransomware, trojans, and credential harvesters frequently rely on phishing to reach an organization where it is most vulnerable: its users. Phishing attackers understand that our users are eager to be helpful, respond to emotional provocation, and are trusting. This results in our users receiving messages from the CFO requesting a wire transfer, from someone needing to update their direct deposit, or asking them to sign in because there was an issue with their account. Attackers use these to provoke users into acting, and they work.
To reduce your organization’s risk, it is important that your users Stop, Look, Think.
- Stop: When a questionable message is received, stop before acting.
- Look: Does the email address look right? Does the hyperlink go where it’s supposed to? Are there grammar or spelling issues? Is the message a response from someone you have never communicated with?
- Think: Why would the CFO request a wire transfer utilizing an AOL email address? How is IT emailing you, when your account has been deleted? Why is someone sending you an attachment if you’ve never had any contact with them?
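The two “Look” questions about the sender address and the hyperlink destination can also be applied automatically to a saved message. The following is an added example, not code from the original article: it parses a constructed sample email (a hypothetical "CFO" writing from a consumer mailbox, with a link whose visible text names the company portal while its href points elsewhere) and reports both mismatches, assuming `example.com` is the organization's domain.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (hypothetical, not a real message): the visible link text
# claims the company portal while the href points elsewhere, and the "CFO"
# writes from a consumer mailbox instead of the company domain.
SAMPLE_EML = """From: Pat Lee <pat.lee@aol.com>
Subject: Urgent wire transfer
Content-Type: text/html

<html><body><p>Please approve today. Details here:
<a href="http://example-payments.net/login">https://portal.example.com/wire</a>
</p></body></html>
"""

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def look_checks(raw_eml, company_domain):
    """Apply the 'Look' step to one message; return a list of findings."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    findings = []
    # Does the email address look right? Compare the sender's domain to ours.
    sender_domain = msg["From"].addresses[0].addr_spec.rsplit("@", 1)[-1].lower()
    if sender_domain != company_domain:
        findings.append(f"sender domain {sender_domain} is not {company_domain}")
    # Does the hyperlink go where it's supposed to? Compare shown vs. actual host.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = _LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            shown = urlparse(text).hostname if "://" in text else None
            actual = urlparse(href).hostname
            if shown and actual and shown != actual:
                findings.append(f"link text shows {shown} but points to {actual}")
    return findings
```

Running `look_checks(SAMPLE_EML, "example.com")` returns one finding per mismatch; a clean message from the company domain with consistent links returns an empty list.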
By teaching these three steps to your users, you can help minimize the risk that Phishing poses to your organization.
For more information on how to be better protected online, visit the NICCS Website.